CVE-2010-1713
PostNuke 0.764 - SQL Injection via News Article modload sid Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2010-1713. PoCs published by BILGE_KAGAN.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in PostNuke 0.764 via the 'sid' parameter in the 'modload' module. The PoC extracts user credentials (username and password) from the 'nuke_users' table using a UNION-based SQL injection.
Description
SQL injection vulnerability in modules.php in PostNuke 0.764 allows remote attackers to execute arbitrary SQL commands via the sid parameter in a News article modload action.
Exploits (1)
This exploit demonstrates a SQL injection vulnerability in PostNuke 0.764 via the 'sid' parameter in the 'modload' module. The PoC extracts user credentials (username and password) from the 'nuke_users' table using a UNION-based SQL injection.