漏洞信息详情
PostNuke NS-Languages模块SQL注入漏洞
- CNNVD编号:CNNVD-200602-305
- 危害等级: 中危
- CVE编号: CVE-2006-0801
- 漏洞类型: SQL注入
- 发布时间: 2006-02-20
- 威胁类型: 远程
- 更新时间: 2006-04-07
- 厂 商: postnuke_software_foundation
- 漏洞来源: Maksymilian Arciem...
漏洞简介
PostNuke 0.761及之前版本的NS-Languages模块中存在SQL注入漏洞。当magic_quotes_gpc关闭时,远程攻击者可以借助指向admin.php的language参数执行任意SQL命令。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
PostNuke Development Team PostNuke 0.62
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.HTML
PostNuke Development Team PostNuke 0.63
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.HTML
PostNuke Development Team PostNuke 0.64
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.HTML
PostNuke Development Team PostNuke 0.7
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.HTML
PostNuke Development Team PostNuke 0.70
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.HTML
PostNuke Development Team PostNuke 0.703
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.HTML
PostNuke Development Team PostNuke 0.71
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.HTML
PostNuke Development Team PostNuke 0.72
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.HTML
PostNuke Development Team PostNuke 0.721
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.HTML
PostNuke Development Team PostNuke 0.726 -3
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.HTML
PostNuke Development Team PostNuke 0.73
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.HTML
PostNuke Development Team PostNuke 0.74
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.HTML
PostNuke Development Team PostNuke 0.75
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.HTML
PostNuke Development Team PostNuke 0.75 -RC3
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.HTML
PostNuke Development Team PostNuke 0.76 RC4
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.HTML
PostNuke Development Team PostNuke 0.76 RC4b
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.HTML
PostNuke Development Team PostNuke 0.76 RC4a
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.HTML
Cisco Aironet 340 BR340 Firmware 0.761 a
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.HTML
Cisco Aironet 340 BR340 Firmware 0.761
PostNuke Development Team PostNuke 0.762.tar.gz
http://news.postnuke.com/Downloads-req-getit-lid-517.HTML
参考网址
来源: BID
名称: 16752
链接:http://www.securityfocus.com/bid/16752
来源: VUPEN
名称: ADV-2006-0673
链接:http://www.frsirt.com/english/advisories/2006/0673
来源: SECUNIA
名称: 18937
链接:http://secunia.com/advisories/18937
来源: XF
名称: postnuke-nslanguages-sql-injection(24827)
链接:http://xforce.iss.net/xforce/xfdb/24827
来源: SREASON
名称: 454
链接:http://securityreason.com/securityalert/454
来源: news.postnuke.com
链接:http://news.postnuke.com/index.php?name=News&file=article&sid=2754
来源: FULLDISC
名称: 20060219 Multiple vulnerabilities in PostNuke <=>
链接:http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.HTML
受影响实体
- Postnuke_software_foundation Postnuke:0.761
补丁
暂无
评论