SECUNIA ADVISORY ID: SA22983
VERIFY ADVISORY: http://secunia.com/advisories/22983/
CRITICAL: Moderately critical
IMPACT: Exposure of sensitive information
SOFTWARE: PostNuke 0.x - http://secunia.com/product/350/
DESCRIPTION: A vulnerability has been reported in PostNuke, which can be exploited by malicious people to disclose sensitive information. Input passed to the "PNSVlang" variable is not properly sanitised before it is used to include files in error.php. This can be exploited to include arbitrary files via directory traversal attacks. The vulnerability is reported in versions prior to 0.764.
SOLUTION: Update to version 0.764.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Kacper.
ORIGINAL ADVISORY: http://community.postnuke.com/index.php?name=News&file=article&sid=2787
PostNuke *error.php* Local File InclusionPosted on Tuesday, November 21, 2006 @ 07:48:08 CST in Postnuke Associated Topics
  |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
