7.5
CVE-2004-1949
- EPSS 1.96%
- Veröffentlicht 31.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:08:42
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Postnuke Software Foundation ≫ Postnuke Version0.726
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.96% | 0.777 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.html
http://marc.info/?l=bugtraq&m=108256503718978&w=2
http://news.postnuke.com/Article2580.html
http://secunia.com/advisories/11386
http://securitytracker.com/id?1009801
http://www.osvdb.org/5368
http://www.osvdb.org/5369
http://www.securityfocus.com/bid/10146
https://exchange.xforce.ibmcloud.com/vulnerabilities/15869
https://exchange.xforce.ibmcloud.com/vulnerabilities/15875