CVE-2004-1949
 
- Severity Score: 7.5 (CVSS v2)
- Public Exploits: 1 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module.
Credits: N/A
Timeline
- 2004-12-31 CVE Published
- 2005-05-04 CVE Reserved
- 2024-04-16 EPSS Updated
- 2024-08-08 CVE Updated
- 2024-08-08 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (10)
URL | Tag | Source |
---|---|---|
http://marc.info/?l=bugtraq&m=108256503718978&w=2 | Mailing List | |
http://secunia.com/advisories/11386 | Third Party Advisory | |
http://securitytracker.com/id?1009801 | Vdb Entry | |
http://www.osvdb.org/5368 | Vdb Entry | |
http://www.osvdb.org/5369 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/15869 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/15875 | Vdb Entry |
URL | Date | SRC |
---|---|---|
http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.html | 2024-08-08 | |
http://www.securityfocus.com/bid/10146 | 2017-07-11 | |
http://news.postnuke.com/Article2580.html | 2017-07-11 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Postnuke Software Foundation | Postnuke | 0.726 | - | Affected |