CVE-2004-1949

Published: Dec 31, 2004Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module.

Affected (1)

Products: Postnuke Software Foundation: Postnuke

Postnuke Software Foundation

1 product

Postnuke

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Postnuke Software Foundation Postnuke	Version 0.726

References (20)

http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.html

Source: cve@mitre.org

Exploit

http://marc.info/?l=bugtraq&m=108256503718978&w=2

Source: cve@mitre.org

http://news.postnuke.com/Article2580.html

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/11386

Source: cve@mitre.org

http://securitytracker.com/id?1009801

Source: cve@mitre.org

http://www.osvdb.org/5368

Source: cve@mitre.org

http://www.osvdb.org/5369

Source: cve@mitre.org

http://www.securityfocus.com/bid/10146

Source: cve@mitre.org

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/15869

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/15875

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.html