SECUNIA ADVISORY ID: SA22983
VERIFY ADVISORY: http://secunia.com/advisories/22983/
CRITICAL: Moderately critical
IMPACT: Exposure of sensitive information
SOFTWARE: PostNuke 0.x - http://secunia.com/product/350/
DESCRIPTION: A vulnerability has been reported in PostNuke, which can be exploited by malicious people to disclose sensitive information. Input passed to the "PNSVlang" variable is not properly sanitised before it is used to include files in error.php. This can be exploited to include arbitrary files via directory traversal attacks. The vulnerability is reported in versions prior to 0.764.
SOLUTION: Update to version 0.764.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Kacper.
ORIGINAL ADVISORY: http://community.postnuke.com/index.php?name=News&file=article&sid=2787
|
This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com
The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2516
https://www.ravenphpscripts.com
The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2516