CVE-2004-1949

Published: May 10, 2005

Modified: Aug 8, 2024

PUBLISHED

Description

SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

5369

vdb-entry

x_refsource_OSVDB

10146

vdb-entry

x_refsource_BID

http://news.postnuke.com/Article2580.html

x_refsource_CONFIRM

postnuke-indexphp-sql-injection(15869)

vdb-entry

x_refsource_XF

20040420 [PNSA 2004-2] PostNuke Security Advisory PNSA 2004-2

mailing-list

x_refsource_BUGTRAQ

20040414 [SCAN Associates Sdn Bhd Security Advisory] Postnuke v 0.726 and below SQL injection

mailing-list

x_refsource_FULLDISC

5368

vdb-entry

x_refsource_OSVDB

1009801

vdb-entry

x_refsource_SECTRACK

postnuke-changeinfo-sql-injection(15875)

vdb-entry

x_refsource_XF

11386

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2004-1949

Description

Affected Products

References