Vendor: phProfession
By: Unknown
CVSS: 7.5 (HIGH)
Path disclosure, cross-site scripting, SQL injection
CWE: 200, 79, 89
Product Name: phProfession
Affected Version From: phProfession 2.5
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:postnuke:phprofession
Platforms Tested: Unknown
Unknown
Multiple vulnerabilities in phProfession
Multiple vulnerabilities were reported in phProfession, a third-party module for PostNuke: path disclosure, cross-site scripting, and SQL injection. Exploitation of these issues may reveal sensitive information and allow account hijacking, content manipulation, and attacks against the underlying database.
Mitigation:
Upgrade to a patched version of phProfession.