CyberSec.Space Logo
Back to CVE Browser

CVE-2001-1460

HIGH
7.5
CVSS Severity Score
EPSS Score0.0230%
EPSS Percentile40.26th
PublishedOct 13, 2001
Last ModifiedApr 16, 2026

Vulnerability Description

SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter.

Affected Platforms (CPE)

πŸ“¦
Postnuke Software Foundation

Postnuke

= 0.62
πŸ“¦
Postnuke Software Foundation

Postnuke

= 0.63
πŸ“¦
Postnuke Software Foundation

Postnuke

= 0.64

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2001-10/0088.html
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2001-10/0091.html
πŸ”— http://www.kb.cert.org/vuls/id/921547
πŸ”— http://www.securityfocus.com/bid/3435
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/7280
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2001-10/0088.html
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2001-10/0091.html
πŸ”— http://www.kb.cert.org/vuls/id/921547

Related Vulnerabilities

CVE-2007-038610.0

Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interestin...

CVE-2007-03857.8

The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output"...

CVE-2006-62677.8

PostNuke 0.7.5.0, and certain minor versions, allows remote attackers to obtain sensitive information via a non-numeric value of t...

CVE-2004-16687.5

Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 Postnuke module allow remote attackers to execute arbitrary SQ...