| VID |
21616 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The version of 'AutoTheme for PostNuke' on the Web server has an unauthorized access vulnerability. AutoTheme is an HTML Theme System for the PostNuke and PHP-Nuke CMS. AutoTheme 1.7 and AT-Lite .8 for PostNuke could allow a remote attacker to gain unauthorized access to the Blocks module, caused by several security vulnerabilities in the modules/Blocks/pnadmin.php script.
* Note: This check solely relied on the version number of the AutoTheme for PostNuke installed on the remote web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.securitytracker.com/alerts/2005/May/1013908.html
http://spidean.mckenzies.net/Article314.phtml
* Platforms Affected:
Shawn McKenzie and Spidean, AutoTheme 1.7
Shawn McKenzie and Spidean, AutoTheme AT-Lite .8
Any operating system Any version |
| Recommendation |
Apply the fix, available from the AutoTheme Web site at http://spidean.mckenzies.net/FAQ-Category1-AutoTheme-Parent0-myfaq-yes.phtml
-- OR --
Upgrade to the latest version of AutoTheme (greater than AutoTheme 1.7 or AutoTheme AT-Lite .8), when new version fixed this problem becomes available from the AutoTheme Web site at http://spidean.mckenzies.net/ |
| Related URL |
CVE-2005-1608 (CVE) |
| Related URL |
13539 (SecurityFocus) |
| Related URL |
20490 (ISS) |
|
