Postnuke Software Foundation Postnuke — known CVE vulnerabilities
Every CVE whose affected-product data names Postnuke Software Foundation Postnuke, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (38)
CVE-2007-0386 — CVSS 10.0 (critical): Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug."
CVE-2007-0385 — CVSS 7.8 (high): The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in…
CVE-2006-6267 — CVSS 7.8 (high): PostNuke 0.7.5.0, and certain minor versions, allows remote attackers to obtain sensitive information via a non-numeric value of the stop…
CVE-2001-0911 — CVSS 7.5 (high): PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by…
CVE-2001-1460 — CVSS 7.5 (high): SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user…
CVE-2002-2015 — CVSS 7.5 (high): PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code…
CVE-2004-1949 — CVSS 7.5 (high): SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to…
CVE-2005-0615 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to…
CVE-2005-0617 — CVSS 7.5 (high): SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via…
CVE-2005-1048 — CVSS 7.5 (high): SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allows remote attackers to execute arbitrary SQL statements via the sid…
CVE-2005-1694 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary…
CVE-2005-1700 — CVSS 7.5 (high): SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary…
CVE-2005-1777 — CVSS 7.5 (high): SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start…
CVE-2005-2690 — CVSS 7.5 (high): SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands…
CVE-2006-0146 — CVSS 7.5 (high): The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4)…
CVE-2006-0147 — CVSS 7.5 (high): Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including…
CVE-2006-5121 — CVSS 7.5 (high): SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute…
CVE-2006-5733 — CVSS 7.5 (high): Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local…
CVE-2006-6233 — CVSS 7.5 (high): SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL…
CVE-2004-2751 — CVSS 6.8 (medium): SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute…
CVE-2007-0384 — CVSS 5.1 (medium): Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary…
CVE-2006-0801 — CVSS 5.1 (medium): SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote…
CVE-2005-1621 — CVSS 5.0 (medium): Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to…
CVE-2005-1050 — CVSS 5.0 (medium): The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id…
CVE-2003-1537 — CVSS 5.0 (medium): Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the…
CVE-2002-0535 — CVSS 5.0 (medium): Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an…
CVE-2004-1956 — CVSS 5.0 (medium): PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2)…
CVE-2004-2752 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote…
CVE-2005-1699 — CVSS 4.0 (medium): Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read…
CVE-2005-1695 — CVSS 2.6 (low): Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to…
CVE-2006-0802 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled…
CVE-2005-1778 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML…
CVE-2005-2689 — CVSS 2.6 (low): Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML…
CVE-2001-1521 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2002-1996 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via…
CVE-2006-0800 — CVSS 2.6 (low): Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags…
CVE-2005-1049 — CVSS 2.6 (low): Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the…
CVE-2005-1696 — CVSS 2.6 (low): Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or…