CVE-2006-0801 | Vulnerability Database | Aqua Security

SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php.

Affected Software

Name	Vendor	Start Version	End Version
Postnuke	Postnuke_software_foundation	*	0.761 (including)

References

http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html
http://news.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2754
http://secunia.com/advisories/18937
http://securityreason.com/securityalert/454
http://www.securityfocus.com/bid/16752
http://www.vupen.com/english/advisories/2006/0673
https://exchange.xforce.ibmcloud.com/vulnerabilities/24827
http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html
http://news.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2754
http://secunia.com/advisories/18937
http://securityreason.com/securityalert/454
http://www.securityfocus.com/bid/16752
http://www.vupen.com/english/advisories/2006/0673
https://exchange.xforce.ibmcloud.com/vulnerabilities/24827

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-0801
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html