FreeBSD : postnuke -- SQL injection vulnerabilities (f3eec2b5-8cd8-11d9-8066-000a95bc6fae)

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Two separate SQL injection vulnerabilities have been identified in the
PostNuke PHP content management system. An attacker can use this
vulnerability to potentially insert executable PHP code into the
content management system (to view all files within the PHP scope, for
instance). Various other SQL injection vulnerabilities exist, which
give attackers the ability to run SQL queries on any tables within the
database.

See also :

http://marc.info/?l=bugtraq&m=110962710805864
http://marc.info/?l=bugtraq&m=110962819232255
http://news.postnuke.com/Article2669.html
http://www.nessus.org/u?54342661

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19170 (freebsd_pkg_f3eec2b58cd811d98066000a95bc6fae.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0615
CVE-2005-0617

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now