Postnuke Software Foundation : Security Vulnerabilities, CVEs, Published In 2007 CVSS score >= 7
SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter.
Max CVSS
7.5
EPSS Score
0.34%
Published
2007-07-05
Updated
2017-09-29
SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter.
Max CVSS
7.5
EPSS Score
0.89%
Published
2007-06-06
Updated
2017-10-11
SQL injection vulnerability in index.php in the v4bJournal module for PostNuke allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a journal_comment action.
Max CVSS
7.5
EPSS Score
0.98%
Published
2007-05-04
Updated
2018-10-16
Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug."
Max CVSS
10.0
EPSS Score
0.41%
Published
2007-01-19
Updated
2008-11-13
The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable.
Max CVSS
7.8
EPSS Score
1.04%
Published
2007-01-19
Updated
2008-11-13
5 vulnerabilities found