Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-1949

Description

SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module.

Affected products

Phpnuke/Postnuke
cpe:2.3:a:postnuke_software_foundation:postnuke:0.726:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/10146nvdPatch
lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.htmlnvdExploit
news.postnuke.com/Article2580.htmlnvdVendor Advisory
marc.infonvd
secunia.com/advisories/11386nvd
securitytracker.com/idnvd
www.osvdb.org/5368nvd
www.osvdb.org/5369nvd
exchange.xforce.ibmcloud.com/vulnerabilities/15869nvd
exchange.xforce.ibmcloud.com/vulnerabilities/15875nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000