CVE-2004-1949

N/A Unknown

Published: December 31, 2004 Modified: April 16, 2026

Description

SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.html

Source: cve@mitre.org

Exploit

http://marc.info/?l=bugtraq&m=108256503718978&w=2

Source: cve@mitre.org

http://news.postnuke.com/Article2580.html

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/11386

Source: cve@mitre.org

http://securitytracker.com/id?1009801

Source: cve@mitre.org

http://www.osvdb.org/5368

Source: cve@mitre.org

http://www.osvdb.org/5369

Source: cve@mitre.org

http://www.securityfocus.com/bid/10146

Source: cve@mitre.org

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/15869

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/15875

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.html