VYPR
Unrated severityNVD Advisory· Published Mar 31, 2008· Updated Jun 16, 2026

CVE-2008-1591

CVE-2008-1591

Description

The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Postnuke/Postnuke2 versions
    cpe:2.3:a:postnuke:postnuke:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:postnuke:postnuke:*:*:*:*:*:*:*:*range: <=0.764
    • (no CPE)range: <=0.764

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.