10 lines
No EOL
607 B
Text
10 lines
No EOL
607 B
Text
source: https://www.securityfocus.com/bid/10190/info
|
|
|
|
Multiple vulnerabilities were reported to exist in phProfession, which is a third-party module for PostNuke. Path disclosure, cross-site scripting and SQL injection vulnerabilities were reported.
|
|
|
|
Exploitation of these issues may reveal sensitive information, allow for account hijacking, content manipulation and attacks against the underlying database.
|
|
|
|
These issues were reported to exist in phProfession 2.5. Other versions may also be affected.
|
|
|
|
|
|
http://www.example.com/postnuke0726/modules.php?op=modload&name=phprofession&file=index&offset=foobar |