CVE-2007-1158

Name of the Vulnerable Software and Affected Versions Pagesetter module for PostNuke versions 6.2.0 through 6.3.0 beta 5

Description The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter of the index.php file. This is a directory traversal vulnerability.

Recommendations For versions 6.2.0 through 6.3.0 beta 5, consider restricting access to the index.php file until a patch is available. As a temporary workaround, avoid using the id parameter in the affected index.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.