9 lines
No EOL
572 B
Text
9 lines
No EOL
572 B
Text
source: https://www.securityfocus.com/bid/10190/info
|
|
|
|
Multiple vulnerabilities were reported to exist in phProfession, which is a third-party module for PostNuke. Path disclosure, cross-site scripting and SQL injection vulnerabilities were reported.
|
|
|
|
Exploitation of these issues may reveal sensitive information, allow for account hijacking, content manipulation and attacks against the underlying database.
|
|
|
|
These issues were reported to exist in phProfession 2.5. Other versions may also be affected.
|
|
|
|
http://www.example.com/postnuke0726/modules/phprofession/upload.php |