PostNuke PNUser.PHP Local File Include Vulnerability
BID:20897
Info
PostNuke PNUser.PHP Local File Include Vulnerability
| Bugtraq ID: | 20897 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 03 2006 12:00AM |
| Updated: | Nov 22 2006 10:05PM |
| Credit: | Kacper is credited with the discovery of this vulnerability. |
| Vulnerable: |
PostNuke PostNuke CMS 0.763 PostNuke PostNuke CMS 0.762 |
| Not Vulnerable: |
PostNuke PostNuke CMS 0.764 |
Discussion
PostNuke PNUser.PHP Local File Include Vulnerability
PostNuke is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this issue may allow an unauthorized user to view files and execute local scripts.
PostNuke 0.763 and prior versions are vulnerable to this issue.
PostNuke is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this issue may allow an unauthorized user to view files and execute local scripts.
PostNuke 0.763 and prior versions are vulnerable to this issue.
Exploit / POC
PostNuke PNUser.PHP Local File Include Vulnerability
Attackers can exploit this issue via a web client.
The following exploit code is available:
Attackers can exploit this issue via a web client.
The following exploit code is available:
Solution / Fix
PostNuke PNUser.PHP Local File Include Vulnerability
Solution:
Please refer to the references for more information.
Solution:
Please refer to the references for more information.
References
PostNuke PNUser.PHP Local File Include Vulnerability
References:
References:
- PostNuke Security Advisory PNSA2006-3 (PostNuke)
- Vendor Home Page (PostNuke)