Vulnerability Description
SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Postnuke Software Foundation | Postnuke | 0.76_rc4 |
References
- http://securityreason.com/securityalert/1952
- http://www.securityfocus.com/archive/1/437832/100/200/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27501
- http://securityreason.com/securityalert/1952
- http://www.securityfocus.com/archive/1/437832/100/200/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27501
FAQ
What is CVE-2006-6233?
CVE-2006-6233 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation....
How severe is CVE-2006-6233?
CVE-2006-6233 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6233?
Check the references section above for vendor advisories and patch information. Affected products include: Postnuke Software Foundation Postnuke.