Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2006-6233

Published: Dec 02, 2006 | Modified: Oct 17, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2006-6233
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue.

Affected Software

Name Vendor Start Version End Version
Postnuke Postnuke_software_foundation 0.761 0.761
Postnuke Postnuke_software_foundation 0.760_rc4 0.760_rc4
Postnuke Postnuke_software_foundation 0.760_rc3 0.760_rc3
Postnuke Postnuke_software_foundation 0.760_rc2 0.760_rc2
Postnuke Postnuke_software_foundation 0.762 0.762
Postnuke Postnuke_software_foundation 0.763 0.763
Postnuke Postnuke_software_foundation 0.76_rc4b 0.76_rc4b
Postnuke Postnuke_software_foundation 0.76_rc4 0.76_rc4
Postnuke Postnuke_software_foundation 0.761a 0.761a
Postnuke Postnuke_software_foundation 0.76_rc4a 0.76_rc4a

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2023 Aqua Security Software Ltd.   Privacy Policy | Terms of Use