PT-2005-2673 · Postnuke · Postnuke

Cxib8O3 +1 · Published 2005-05-24 · Updated 2024-01-25 · CVE-2005-1698

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PostNuke versions 0.750 through 0.760RC3

Description

The issue allows remote attackers to obtain sensitive information via direct requests to various files, including theme.php and Xanthia.php in the Xanthia module, multiple files in the pnblocks directory in the Blocks module, config.php in the NS-Multisites module, and xmlrpc.php. These requests can reveal the path in an error message.

Recommendations

For PostNuke versions 0.750 through 0.760RC3, consider restricting access to the sensitive files and directories, such as the Xanthia module, Blocks module, NS-Multisites module, and the xmlrpc.php file, to minimize the risk of exploitation. As a temporary workaround, disable the execution of these files until a patch is available.
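
A defender-side check for the behaviour described above, as an added example that is not part of the advisory or of PostNuke: it scans an HTTP response body for PHP error messages that reveal an absolute filesystem path, which is useful for confirming that access restrictions on the listed files took effect. The sample bodies and paths are constructed, and the pattern assumes PHP's default error message format.

```python
import html
import re

# PHP's default error format is "<level>: <message> in <file> on line <n>".
# With html_errors enabled the parts are wrapped in <b> tags, so tags are
# stripped before matching.
_TAGS = re.compile(r"<[^>]+>")
_PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice):\s+(?P<msg>.*?)"
    r"\s+in\s+(?P<path>(?:/|[A-Za-z]:\\)\S+?\.php)\s+on line\s+(?P<line>\d+)"
)


def find_path_disclosures(body):
    """Return (level, absolute_path, line) for each PHP error found in body."""
    text = html.unescape(_TAGS.sub("", body))
    return [(m["level"], m["path"], int(m["line"]))
            for m in _PHP_ERROR.finditer(text)]


# Constructed sample responses (not captured from a real PostNuke site).
SAMPLE_HTML_ERROR = (
    "<br />\n<b>Fatal error</b>:  Call to undefined function example_fn() in "
    "<b>/srv/www/example/html/xmlrpc.php</b> on line <b>12</b><br />\n"
)
SAMPLE_PLAIN_ERROR = (
    r"Warning: include(header.php): failed to open stream in "
    r"C:\www\example\theme.php on line 40"
)
SAMPLE_CLEAN = "<html><body><h1>403 Forbidden</h1></body></html>"

if __name__ == "__main__":
    for name, body in [("html error", SAMPLE_HTML_ERROR),
                       ("plain error", SAMPLE_PLAIN_ERROR),
                       ("restricted", SAMPLE_CLEAN)]:
        hits = find_path_disclosures(body)
        status = "LEAKS PATH" if hits else "ok"
        print(f"{name}: {status} {hits}")
```

An empty result for a response from one of the listed files indicates that the request no longer returns an error message containing the installation path.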

Related Identifiers

CVE-2005-1698

Affected Products

Postnuke