VID 21322
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The installation script of the PostNuke content management system (CMS) is accessible. PostNuke, developed by Francisco Burzi, is a PHP content management system with a MySQL database. PostNuke versions 0.73x through 0.75 GOLD could allow a remote attacker to obtain sensitive information through the install.php file. Many PostNuke sites reportedly fail to remove the install.php file after installation. A remote attacker could access install.php to reconfigure the PostNuke installation and obtain the administrator's username and password.

* References:
http://www.securitytracker.com/alerts/2004/Jul/1010755.html

* Platforms Affected:
Francisco Burzi, PostNuke 0.73x to 0.75 GOLD
Windows Any version
Unix Any version
Linux Any version
Recommendation No upgrade or patch available as of June 2014.

As a workaround, delete the install.php file.
Related URL (CVE)
Related URL 10793 (SecurityFocus)
Related URL 16787 (ISS)