CVE-2004-1949 - Module SQL Injection vulnerability in Postnuke Software Foundation Postnuke 0.726

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) the timezoneoffset parameter to changeinfo.php in the Your_Account module.

Vulnerable Configurations

Part         Description                   Count
Application  Postnuke_Software_Foundation  1