Vulnerabilities > Postnuke

DATE	CVE	VULNERABILITY TITLE	RISK
2010-05-04	CVE-2010-1713	SQL Injection vulnerability in Postnuke 0.764 SQL injection vulnerability in modules.php in PostNuke 0.764 allows remote attackers to execute arbitrary SQL commands via the sid parameter in a News article modload action. network low complexity postnuke CWE-89	7.5
2009-02-24	CVE-2009-0728	SQL Injection vulnerability in Maxdev MY Egallery SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php. network low complexity maxdev postnuke CWE-89	7.5
2008-03-31	CVE-2008-1591	SQL Injection vulnerability in Postnuke The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable). network low complexity postnuke CWE-89	7.5

Vulnerabilities > Postnuke {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Postnuke"}]}