CVE-2005-1621

Name of the Vulnerable Software and Affected Versions PostNuke versions 0.750 through 0.760rc4

Description The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the pnModFunc function in pnMod.php. This is achieved by including a .. (dot dot) in the func parameter to "index.php".

Recommendations For PostNuke versions 0.750 through 0.760rc4, consider restricting access to the pnModFunc function in pnMod.php until a patch is available. As a temporary workaround, avoid using the func parameter in the "index.php" endpoint to minimize the risk of exploitation.