Postnuke 0.760 Release Candidate 2

CPE Details

Postnuke 0.760 Release Candidate 2
postnuke
postnuke
0.760
2023-12-28
15h46 +00:00
2023-12-28
15h46 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:postnuke:postnuke:0.760:rc2:*:*:*:*:*:*

Informations

Vendor

postnuke

Product

postnuke

Version

0.760

Update

rc2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2009-0728 2009-02-24 22h00 +00:00 SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php.
7.5
CVE-2008-1591 2008-03-31 21h00 +00:00 The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable).
7.5
CVE-2005-1697 2005-05-24 02h00 +00:00 The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive information via a direct request to simple_smarty.php, which reveals the path in an error message.
5
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.