PostNuke Error.PHP Local File Include Vulnerability
BID:21218
Info
PostNuke Error.PHP Local File Include Vulnerability
| Bugtraq ID: | 21218 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-5733 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 21 2006 12:00AM |
| Updated: | Nov 23 2006 09:25PM |
| Credit: | Kacper is credited with the discovery of this vulnerability. |
| Vulnerable: |
PostNuke PostNuke CMS 0.763 PostNuke PostNuke CMS 0.762 |
| Not Vulnerable: |
PostNuke PostNuke CMS 0.764 |
Discussion
PostNuke Error.PHP Local File Include Vulnerability
PostNuke is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this issue may allow an unauthorized user to view files and execute local scripts.
PostNuke 0.763 and prior versions are vulnerable to this issue.
PostNuke is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this issue may allow an unauthorized user to view files and execute local scripts.
PostNuke 0.763 and prior versions are vulnerable to this issue.
Exploit / POC
PostNuke Error.PHP Local File Include Vulnerability
Attackers can exploit this issue via a web client.
Attackers can exploit this issue via a web client.
Solution / Fix
PostNuke Error.PHP Local File Include Vulnerability
Solution:
The vendor released an advisory and version 0.764 to address this issue. Please see the references for more information.
Solution:
The vendor released an advisory and version 0.764 to address this issue. Please see the references for more information.
References
PostNuke Error.PHP Local File Include Vulnerability
References:
References:
- PostNuke Security Advisory PNSA2006-3 (PostNuke)
- Vendor Home Page (PostNuke)