PostNuke Security Advisory PNSA 2005-1
Vulnerability : SQL injection, various missing input/output validations: 0.750+
PostNuke is an open source, open development content management system (CMS). PostNuke started as a fork from PHPNuke and provides many enhancements and improvements over the PHP-Nuke system. PostNuke is still undergoing development but a large number of core functions are now stabilising and a complete API for third-party developers (including ADODB database abstraction and Smarty templating) is in place.
The PostNuke Development Team was notified about a couple of security issues within the current .760RC2 and has decided to backport the fixes also to the stable .750 package.
Full advisory available at http://news.postnuke.com/Article2669.html
-----
Regards from Germany
Diffs for .726
http://cvs.postnuke.com/v...p.diff?r1=1.21&r2=1.22
http://cvs.postnuke.com/v...p.diff?r1=1.20&r2=1.21
http://cvs.postnuke.com/v...p.diff?r1=1.42&r2=1.43
http://cvs.postnuke.com/v...p.diff?r1=1.34&r2=1.35
http://cvs.postnuke.com/v...p.diff?r1=1.25&r2=1.26
http://cvs.postnuke.com/v...p.diff?r1=1.38&r2=1.39
I *think* but haven't tested (nor will) that the modules module fix can be applied directly. This module is no longer in cvs as it has been completely rebuilt for .760.
-Mark
