PT-2007-1856 · Postnuke · Postnuke

Published: 2007-01-19 · Updated: 2008-11-13 · CVE-2007-0385

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: PostNuke version 0.764
Description: The issue in PostNuke allows remote attackers to obtain sensitive information, specifically the full path, via unvalidated output in the FAQ section, possibly involving an undefined id cat variable in FAQ/index.php.
Recommendations: For PostNuke version 0.764, consider validating the output in the FAQ section to prevent the disclosure of sensitive information, and define the id cat variable to prevent its undefined use.


Related Identifiers

CVE-2007-0385

Affected Products

Postnuke