Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

Multiple Vulnerabilities in PostNuke <= 0.760 RC4b Vulnerability Scan

Vulnerability Scan Summary
Detects multiple vulnerabilities in PostNuke <= 0.760 RC4b

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP script that is prone to several

Description :

The remote host appears to be running PostNuke version 0.760 RC4b or
older. These versions suffer from several vulnerabilities :

- Multiple Cross-Site Scripting Vulnerabilities
A possible hacker can inject arbitrary HTML and script
code into the browser of users by manipulating
input to the 'moderate' parameter of the
'Comments' module and the 'htmltext' parameter
of the 'user.php' script.

- A SQL Injection Vulnerability
The application fails to launder user-supplied
input to the 'show' parameter in the
'modules/Downloads/dl-viewdownload.php' module.
Provided a possible hacker has admin rights, he can
exploit this issue to manipulate SQL queries.

See also :

Solution :

Upgrade to PostNuke version 0.760 or later.

Threat Level:

Low / CVSS Base Score : 2

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.