Описание
SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue.
Ссылки
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:postnuke_software_foundation:postnuke:0.76_rc4:*:*:*:*:*:*:*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.76_rc4a:*:*:*:*:*:*:*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.76_rc4b:*:*:*:*:*:*:*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc2:*:*:*:*:*:*:*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc3:*:*:*:*:*:*:*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc4:*:*:*:*:*:*:*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:*:*:*:*:*:*:*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.761a:*:*:*:*:*:*:*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.762:*:*:*:*:*:*:*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.763:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00487
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue.
EPSS
Процентиль: 65%
0.00487
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other