vendor:
phProfession
by:
7.5
CVSS
HIGH
Path disclosure, cross-site scripting, SQL injection
CWE
Product Name: phProfession
Affected Version From: 2.5
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Multiple vulnerabilities in phProfession module for PostNuke
Multiple vulnerabilities were reported in phProfession module for PostNuke. These vulnerabilities include path disclosure, cross-site scripting, and SQL injection. Exploitation of these vulnerabilities can lead to sensitive information disclosure, account hijacking, content manipulation, and attacks against the underlying database.
Mitigation:
Upgrade to a patched version of phProfession module.