PT-2005-2600 · Postnuke · Postnuke
Pokley
·
Published
2005-05-16
·
Updated
2016-10-18
·
CVE-2005-1621
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
PostNuke versions 0.750 through 0.760rc4
Description
The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the pnModFunc function in pnMod.php. This is achieved by including a .. (dot dot) in the
func parameter to "index.php".Recommendations
For PostNuke versions 0.750 through 0.760rc4, consider restricting access to the pnModFunc function in pnMod.php until a patch is available. As a temporary workaround, avoid using the
func parameter in the "index.php" endpoint to minimize the risk of exploitation.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Postnuke