Start ::
Entry Point ::
Announcements, Guidelines & Information ::
PostNuke Security Advisory 2005-5
Moderated by: Admins
PostNuke Security Advisory 2005-5
-
- rank:
-
Steering Committee
- registered:
- December 2002
- Status:
- offline
- last visit:
- 09.05.08
- Posts:
- 13324
Anonymous posting via Comments module (used in PostNuke CMS < 0.761)
DESCRIPTION
PostNuke CMS is an open source, open development content management system (CMS). PostNuke CMS is still undergoing development but a large number of core functions are now stabilising and a complete API for third-party developers (including ADODB database abstraction and SMARTY templating) is in place. A PostNuke CMS Development Team member discovered a vulnerability in the Comments module within the 0.7x release cycle.
VULNERABILTIES
- Anonymous users can add comments without being required to log in.
SOLUTION
It is recommended that all admins upgrade to PostNuke CMS Platinum
Edition 0.761
The hash sums for the PostNuke CMS Platinum Edition 0.761 are:
MD5
4b76e09c507db0224d34fc448e7efb91 PostNuke-0.761.tar.gz
c4090097b26caa38115540e24378e9b4 PostNuke-0.761.zip
SHA1
b69d9bfabb5c8641e4b5dd9e9ee6f5803d86c41d PostNuke-0.761.tar.gz
79869b9a7003ac9046788cebad23135f68eef648 PostNuke-0.761.zip
Download from http://downloads.postnuke.com
CREDITS
The exploit was originally discovered by Devin Hayes (InvalidResponse)
Drak [drak]
PostNuke CMS Development Team
-----
Regards,
Simon
itbegins.co.uk - PostNuke Consulting
Please read the Support Guide
Start ::
Entry Point ::
Announcements, Guidelines & Information ::
PostNuke Security Advisory 2005-5
|
