| VID |
21405 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The pnTresMailer PostNuke module is vulnerable to a directory traversal attack.
pnTresMailer is a newsletter module for use with the PostNuke CMS. PnTresMailer code browser version 6.03 has a directory traversal vulnerability, due to a failure of the application to properly sanitize user-supplied input data. A remote attacker could send a specially-crafted URL to pnTresMailer to view the contents of arbitrary files with the privilege of the web server process.
* References:
http://www.securityfocus.com/archive/1/382410
* Platforms Affected:
canvas.anubix.net, PnTresMailer 6.03
Any operating system Any version |
| Recommendation |
No upgrade or patch available as of December 2004.
Upgrade to the new version of pnTresMailer, when new version fixed this problem becomes available from the pnTresMailer Download Web site at http://canvas.anubix.net/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=15 |
| Related URL |
CVE-2004-1206 (CVE) |
| Related URL |
11767 (SecurityFocus) |
| Related URL |
18263 (ISS) |
|
