FreeBSD Ports: Postnuke Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://news.postnuke.com/Article2669.html http://marc.theaimsgroup.com/?l=bugtraq&m=110962710805864 http://marc.theaimsgroup.com/?l=bugtraq&m=110962819232255 http://www.vuxml.org/freebsd/f3eec2b5-8cd8-11d9-8066-000a95bc6fae.html

Insight

The following package is affected: postnuke CVE-2005-0617 SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter. CVE-2005-0615 Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter.

Severity

Classification

CVE CVE-2005-0615, CVE-2005-0617

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

FreeBSD Ports: apache+mod_ssl
FreeBSD Ports: acroread9
FreeBSD Ports: bidwatcher
FreeBSD Ports: asterisk16
FreeBSD Ports: caml-light

FreeBSD Ports: postnuke

Take action and discover your vulnerabilities