GCVE - cpe:2.3:a:postnuke_software_foundation:postnuke:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:postnuke_software_foundation:postnuke:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Postnuke Software Foundation (`21b6129d-c94c-5024-82e8-294af50c7a1c`)
Product	Postnuke (`75d3baf4-73b7-56b8-ac69-6cbff3807dd9`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2006-5733`	vulnerable	2026-06-08 04:49:21.158916	Details available Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. Published: 2006-11-06T18:00:00.000Z Updated: 2024-08-07T20:04:54.583Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/2707 http://secunia.com/advisories/22983 http://www.securityfocus.com/bid/21218 http://community.postnuke.com/Article2787.htm https://exchange.xforce.ibmcloud.com/vulnerabilities/29992	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-0802`	vulnerable	2026-06-08 04:48:55.326582	Details available Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation. Published: 2006-02-20T22:00:00.000Z Updated: 2024-08-07T16:48:56.618Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2006/0673 https://exchange.xforce.ibmcloud.com/vulnerabilities/24823 http://www.securityfocus.com/bid/16752 http://news.postnuke.com/index.php?name=News&file=article&sid=2754 http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-0801`	vulnerable	2026-06-08 04:48:55.326109	Details available SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php. Published: 2006-02-20T22:00:00.000Z Updated: 2024-08-07T16:48:55.837Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2006/0673 http://www.securityfocus.com/bid/16752 http://news.postnuke.com/index.php?name=News&file=article&sid=2754 https://exchange.xforce.ibmcloud.com/vulnerabilities/24827 http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2003-1537`	vulnerable	2026-06-08 04:47:47.861474	Details available Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php. Published: 2007-11-14T02:00:00.000Z Updated: 2024-09-17T01:57:05.743Z Open on db.gcve.eu Reference links http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Postnuke

PURL mappings

Vulnerability references

Contribute