Postnuke · Postnuke · CVE-2007-1158
**Name of the Vulnerable Software and Affected Versions**
Pagesetter module for PostNuke versions 6.2.0 through 6.3.0 beta 5
**Description**
The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `id` parameter of the index.php file. This is a directory traversal vulnerability.
**Recommendations**
For versions 6.2.0 through 6.3.0 beta 5, consider restricting access to the index.php file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected index.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.