CyberSec.Space Logo
Back to CVE Browser

CVE-2007-0385

HIGH
7.8
CVSS Severity Score
EPSS Score0.0420%
EPSS Percentile32.71th
PublishedJan 19, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable.

Affected Platforms (CPE)

πŸ“¦
Postnuke Software Foundation

Postnuke

= 0.764

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
πŸ”— http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke
πŸ”— http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/FAQ/index.php?root=postnuke&r1=20350&r2=20911
πŸ”— http://osvdb.org/35472
πŸ”— http://www.hackers.ir/advisories/festival.txt
πŸ”— http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
πŸ”— http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke
πŸ”— http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/FAQ/index.php?root=postnuke&r1=20350&r2=20911

Related Vulnerabilities

CVE-2007-038610.0

Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interestin...

CVE-2006-62677.8

PostNuke 0.7.5.0, and certain minor versions, allows remote attackers to obtain sensitive information via a non-numeric value of t...

CVE-2002-10707.5

Cross-site scripting vulnerability in PHPWiki Postnuke wiki module allows remote attackers to execute script as other PHPWiki user...

CVE-2001-14607.5

SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the ...