FreeBSD : postnuke -- admin section SQL injection (35f2679f-52d7-11db-8f1a-000a48049292)

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

ISS X-Force reports :

PostNuke is vulnerable to SQL injection. A remote attacker could send
specially crafted SQL statements to the admin section using the hits
parameter, which could allow the attacker to view, add, modify or
delete information in the back-end database.

See also :

http://xforce.iss.net/xforce/xfdb/29271
http://www.securityfocus.com/archive/1/archive/1/447361/100/0/threaded
http://www.nessus.org/u?faa2e9b4

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 22500 (freebsd_pkg_35f2679f52d711db8f1a000a48049292.nasl)

Bugtraq ID: 20317

CVE ID: CVE-2006-5121
