Postnuke Software Foundation
postnuke_software_foundation
47 CVEs • 9 products
Products (9)
Click to collapseToggle
Products (9)
Click to collapse
CVEs (47)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Postnuke Software Foundation 1Pnencyclopedia Apr 23, 2026 May 14, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and earlier for PostNuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a display_term action to index.php. |
1Postnuke Software Foundation 1Postschedule Apr 23, 2026 Apr 30, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action. |
1Postnuke Software Foundation 1Pnphpbb2 Apr 23, 2026 Jul 5, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter. |
SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter. |
1Postnuke Software Foundation 1Postnuke V4bjournal Module Apr 23, 2026 May 4, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in index.php in the v4bJournal module for PostNuke allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a journal_comment action. |
1Postnuke Software Foundation 1Pagesetter Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. |
1Postnuke Software Foundation 1Postnuke Apr 23, 2026 Jan 19, 2007 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug." |
1Postnuke Software Foundation 1Postnuke Apr 23, 2026 Jan 19, 2007 N/A· v4 N/A· v3 7.8 HIGH· v2 The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable. |
1Postnuke Software Foundation 1Postnuke Apr 23, 2026 Jan 19, 2007 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
1Postnuke Software Foundation 1Postnuke Apr 23, 2026 Dec 4, 2006 N/A· v4 N/A· v3 7.8 HIGH· v2 PostNuke 0.7.5.0, and certain minor versions, allows remote attackers to obtain sensitive information via a non-numeric value of the stop parameter, which reveals the path in an error message. |
1Postnuke Software Foundation 1Postnuke Apr 23, 2026 Dec 2, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue mi...Show more |
1Postnuke Software Foundation 1Postnuke Apr 23, 2026 Nov 6, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by...Show more |
1Postnuke Software Foundation 1Postnuke Apr 23, 2026 Oct 3, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter. |
1Postnuke Software Foundation 1Pnphpbb Apr 16, 2026 Sep 25, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in includes/functions_admin.php in PNphpBB 1.2g allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
1Postnuke Software Foundation 1Postnuke Apr 16, 2026 Feb 20, 2006 N/A· v4 N/A· v3 2.6 LOW· v2 Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parame...Show more |
1Postnuke Software Foundation 1Postnuke Apr 16, 2026 Feb 20, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php. |
1Postnuke Software Foundation 1Postnuke Apr 16, 2026 Feb 20, 2006 N/A· v4 N/A· v3 2.6 LOW· v2 Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web...Show more |
5John Lim MantisMoodle+2 more5Adodb CactiMantis+2 moreApr 16, 2026 Jan 9, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, pos...Show more |
6John Lim MantisMediabeez+3 more6Adodb CactiMantis+3 moreApr 16, 2026 Jan 9, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the...Show more |
1Postnuke Software Foundation 1Postnuke Apr 16, 2026 Aug 24, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php. |