| VID |
210049 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The PostNuke program is vulnerable to a local file include vulnerability in the Pagesetter module. PostNuke, developed by Francisco Burzi, is a freely available, open source PHP-based content management system (CMS). Pagesetter is a PostNuke module that allows the web site administrators to create their own types of publications. Pagesetter module for PostNuke versions prior to 6.3.0 could allow a remote attacker to view arbitrary files on the system, caused by improper validation of user-supplied input passed to the 'id' parameter before using it to display a file in the function 'pagesetter_file_preview()' of the script 'pnfile.php'. An attacker could send a specially-crafted request to the index.php script containing "dot dot" sequences (/../) in the id parameter to read arbitrary files on the affected host.
* References:
http://www.securityfocus.com/archive/1/461339/30/0/threaded
http://www.elfisk.dk/index.php?module=pagesetter&func=viewpub&tid=7&pid=125
http://www.frsirt.com/english/advisories/2007/0758
http://secunia.com/advisories/24299
* Platforms Affected:
Jorn Wildt, Pagesetter module for PostNuke 6.2.0
Jorn Wildt, Pagesetter module for PostNuke 6.3.0 beta 5
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Pagesetter (6.3.0 or later), available from the Jorn Wildt Web page at http://www.elfisk.dk/ |
| Related URL |
CVE-2007-1158 (CVE) |
| Related URL |
22733 (SecurityFocus) |
| Related URL |
32695 (ISS) |
|
