GCVE - cpe:2.3:a:postnuke_software_foundation:postnuke:0.762:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:postnuke_software_foundation:postnuke:0.762:*:*:*:*:*:*:*

part: a version: 0.762 update: *

Vendor	Postnuke Software Foundation (`21b6129d-c94c-5024-82e8-294af50c7a1c`)
Product	Postnuke (`75d3baf4-73b7-56b8-ac69-6cbff3807dd9`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2006-6233`	vulnerable	2026-06-08 04:49:22.334276	Details available SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue. Published: 2006-12-02T11:00:00.000Z Updated: 2024-08-07T20:19:35.170Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/437832/100/200/threaded http://securityreason.com/securityalert/1952 https://exchange.xforce.ibmcloud.com/vulnerabilities/27501	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-5733`	vulnerable	2026-06-08 04:49:21.158964	Details available Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. Published: 2006-11-06T18:00:00.000Z Updated: 2024-08-07T20:04:54.583Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/2707 http://secunia.com/advisories/22983 http://www.securityfocus.com/bid/21218 http://community.postnuke.com/Article2787.htm https://exchange.xforce.ibmcloud.com/vulnerabilities/29992	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-5121`	vulnerable	2026-06-08 04:49:19.725178	Details available SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter. Published: 2006-10-02T20:00:00.000Z Updated: 2024-08-07T19:41:04.219Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/29271 http://securityreason.com/securityalert/1669 http://community.postnuke.com/index.php?name=News&file=article&sid=2783 http://secunia.com/advisories/22197 http://www.securityfocus.com/bid/20317	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Postnuke

PURL mappings

Vulnerability references

Contribute