FreeBSD : postnuke -- SQL injection vulnerabilities (f3eec2b5-8cd8-11d9-8066-000a95bc6fae)

Severity: High, Nessus Plugin ID: 19170

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Two separate SQL injection vulnerabilities have been identified in the PostNuke PHP content management system. An attacker can potentially use these vulnerabilities to insert executable PHP code into the content management system (for instance, to view all files within the PHP scope). Various other SQL injection vulnerabilities exist, which give attackers the ability to run SQL queries on any table within the database.

Solution

Update the affected package.

See Also

https://marc.info/?l=bugtraq&m=110962710805864

https://marc.info/?l=bugtraq&m=110962819232255

http://www.postnuke.com/Article2669.html

http://www.nessus.org/u?0b1ca7cc

Plugin Details

Severity: High

ID: 19170

File Name: freebsd_pkg_f3eec2b58cd811d98066000a95bc6fae.nasl

Version: 1.19

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:postnuke, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 3/4/2005

Vulnerability Publication Date: 2/28/2005

Reference Information

CVE: CVE-2005-0615, CVE-2005-0617