
CERT Coordination Center

PostNuke does not adequately validate user input, thereby allowing a malicious user to bypass user authentication via SQL injection

Vulnerability Note VU#921547

Original Release Date: 2002-09-27 | Last Revised: 2002-09-27


PostNuke does not adequately filter user input, allowing arbitrary MySQL query execution and user authentication without a password.


PostNuke is a web content management system based on PHPNuke, written in PHP. The article.php component of PostNuke versions 0.62, 0.63, and 0.64 does not adequately filter the "user" CGI variable before passing it to a MySQL query. Attackers may exploit this vulnerability to execute arbitrary MySQL queries.

In addition, the vulnerable MySQL query is used to authenticate users. By knowing only a PostNuke username and ID, attackers may tamper with the MySQL query to achieve a positive authentication result for that PostNuke user.
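The pattern described above, as an added example that is not PostNuke's code: a login check that pastes a request value into the SQL text, beside a version that validates the value and binds it as a parameter. The table and column names, both function names, the SHA-256 credential format, and the use of in-memory SQLite in place of MySQL are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);

// Constructed schema and data (assumed names); SQLite stands in for MySQL.
// The unsalted hash only keeps the example short; real code uses password_hash().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, uname TEXT UNIQUE, pass TEXT)');
$db->prepare('INSERT INTO users (uid, uname, pass) VALUES (?, ?, ?)')
   ->execute([2, 'alice', hash('sha256', 'correct horse')]);

// Unfiltered pattern: the request value is pasted into the SQL text,
// so a quote character in $user changes the structure of the query.
function login_unsafe(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE uname = '$user' AND pass = '"
         . hash('sha256', $pass) . "'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// Hardened pattern: allowlist the expected shape, bind the value as data,
// and compare the credential in PHP with a constant-time check.
function login_safe(PDO $db, string $user, string $pass): bool
{
    if (!preg_match('/\A[A-Za-z0-9_]{1,25}\z/', $user)) {
        return false;
    }
    $stmt = $db->prepare('SELECT pass FROM users WHERE uname = :uname');
    $stmt->execute([':uname' => $user]);
    $stored = $stmt->fetchColumn();   // false when no row matches
    return is_string($stored) && hash_equals($stored, hash('sha256', $pass));
}

// Constructed inputs: a normal login, a wrong password, and a tampered "user" value.
$cases = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["alice' --", 'wrong'],
];
foreach ($cases as [$user, $pass]) {
    printf("%-12s unsafe=%s safe=%s\n", $user,
        var_export(login_unsafe($db, $user, $pass), true),
        var_export(login_safe($db, $user, $pass), true));
}
```

In this constructed run the concatenated query accepts the tampered value with a wrong password, while the validated and bound query rejects it.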


Attackers may execute arbitrary MySQL queries and log in as other users without passwords.


Apply a patch

Upgrade to PostNuke 0.71, available at:

Vendor Information


Postnuke Affected

Updated:  September 25, 2002



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.




Thanks to Magnus Skjegstad for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

CVE IDs: None
Severity Metric: 4.70
Date Public: 2001-10-13
Date First Published: 2002-09-27
Date Last Updated: 2002-09-27 16:12 UTC
Document Revision: 4

Sponsored by CISA.