Vulnerabilities > CVE-2006-6233 - Unspecified vulnerability in Postnuke Software Foundation Postnuke

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

postnuke-software-foundation

NVD

Published: 2006-12-02

Updated: 2018-10-17

Summary

SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue.

Vulnerable Configurations

Part	Description	Count
Application	Postnuke_Software_Foundation Postnuke Software Foundation Postnuke 0.761 Postnuke Software Foundation Postnuke 0.760_Rc4 Postnuke Software Foundation Postnuke 0.760_Rc3 Postnuke Software Foundation Postnuke 0.760_Rc2 Postnuke Software Foundation Postnuke 0.762 Postnuke Software Foundation Postnuke 0.763 Postnuke Software Foundation Postnuke 0.76_Rc4B Postnuke Software Foundation Postnuke 0.76_Rc4 Postnuke Software Foundation Postnuke 0.761A Postnuke Software Foundation Postnuke 0.76_Rc4A	10

Summary

Vulnerable Configurations

References