Security Advisory

CVE-2008-1591

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2008-03-31 23:00:00

Last updated 2024-08-07 08:24:42

Assigner mitre

State PUBLISHED

Description

The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable).

← Browse all CVEs View on cve.org ↗