| Field | Value |
|---|---|
| VID | 21251 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The PostNuke installation on the Web server is vulnerable to SQL injection. This vulnerability has been discovered in PostNuke Phoenix v0.723 and earlier. Specifically, the Glossary module fails to sufficiently sanitize user-supplied input, making it prone to SQL injection attacks. By exploiting this vulnerability, a remote attacker can modify query logic, corrupt the database, or gain control of the underlying database. Platforms Affected: PostNuke Phoenix 0.721; PostNuke Phoenix 0.722; PostNuke Phoenix 0.723; UNIX/Linux (any version); Windows (any version). |
| Recommendation | Upgrade to the latest version of PostNuke (0.726 or later), available from the PostNuke Development Team's official Web site, http://www.postnuke.com/ |
| Related URL | (CVE) |
| Related URL | 7697 (SecurityFocus) |
| Related URL | (ISS) |