Vulnerabilities > Postnuke Software Foundation > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-01-09 | CVE-2006-0147 | Remote Security vulnerability in Moodle Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo. | 7.5 |
| 2005-08-24 | CVE-2005-2690 | SQL Injection vulnerability in Postnuke Software Foundation Postnuke 0.76Rc4B SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php. | 7.5 |
| 2005-05-31 | CVE-2005-1777 | Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.750 SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter. | 7.5 |
| 2005-05-24 | CVE-2005-1700 | Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.760Rc3 SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter. | 7.5 |
| 2005-05-24 | CVE-2005-1694 | Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.750 Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter. | 7.5 |
| 2005-05-02 | CVE-2005-1048 | Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.760Rc3 SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allows remote attackers to execute arbitrary SQL statements via the sid parameter. | 7.5 |
| 2005-05-02 | CVE-2005-0617 | SQL-Injection vulnerability in Postnuke Software Foundation Postnuke 0.750/0.760Rc2 SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter. | 7.5 |
| 2005-05-02 | CVE-2005-0615 | SQL-Injection vulnerability in Postnuke Software Foundation Postnuke 0.760Rc2 Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter. | 7.5 |
| 2004-12-31 | CVE-2004-1949 | Module SQL Injection vulnerability in Postnuke Software Foundation Postnuke 0.726 SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module. | 7.5 |
| 2004-12-31 | CVE-2004-1787 | SQL Injection vulnerability in Postnuke Software Foundation Postcalendar 4.0.0 SQL injection vulnerability in PostCalendar 4.0.0 allows remote attackers to execute arbitrary SQL commands via search queries. | 7.5 |