FreeBSD : postnuke -- SQL injection vulnerabilities (f3eec2b5-8cd8-11d9-8066-000a95bc6fae)

High Nessus Plugin ID 19170


The remote FreeBSD host is missing a security-related update.


Two separate SQL injection vulnerabilities have been identified in the PostNuke PHP content management system. An attacker can use this vulnerability to potentially insert executable PHP code into the content management system (to view all files within the PHP scope, for instance). Various other SQL injection vulnerabilities exist, which give attackers the ability to run SQL queries on any tables within the database.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 19170

File Name: freebsd_pkg_f3eec2b58cd811d98066000a95bc6fae.nasl

Version: $Revision: 1.14 $

Type: local

Published: 2005/07/13

Modified: 2015/01/12

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:postnuke, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2005/03/04

Vulnerability Publication Date: 2005/02/28

Reference Information

CVE: CVE-2005-0615, CVE-2005-0617