Description
PostNuke is an Open Source, open-development content management system (CMS). PostNuke is still undergoing development, but a large number of core functions are now stabilizing and a complete API for third-party developers is now implemented. The PostNuke Development Team has been notified about a vulnerability in the 0.763 version of PostNuke.
Severity
Critical
Impact
Directory Traversal
Vulnerabilities
Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files under certain circumstances via the PNSVlang session variable which is included by error.php.
Credits
Kacper
Solution
Users should immediately update to 0.764. PostNuke versions 0.764 and later are unaffected.
PostNuke 0.764 Downloads
see Release Announcement.
Andreas Krapohl [larsneo]
PostNuke CMS Development
CVE Reference: CVE-2006-5733
|
1 Comments so far
(Latest comments
)
1. kinggame wrote on Feb 02, 2007 at 04:40 PM
thank you it's perfect