VID |
21694 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
PostNuke is affected by multiple vulnerabilities (3) in multiple scripts. PostNuke, developed by Francisco Burzi, is a freely available, open source PHP-based content management system (CMS). PostNuke versions 0.760-RC4b and earlier contain multiple input validation vulnerabilities, which a remote attacker can exploit to conduct cross-site scripting and SQL injection attacks.
1) An SQL Injection Vulnerability: Input passed to the "show" parameter of the "modules/Downloads/dl-viewdownload.php" module isn't properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) Multiple Cross-Site Scripting Vulnerabilities: Input passed to the "moderate" parameter of the "Comments" module and the "htmltext" parameter of the "user.php" script isn't properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.
* References:
  http://www.securityreason.com/adv/PN15.asc
  http://archives.neohapsis.com/archives/bugtraq/2005-08/0288.html
* Platforms Affected: Francisco Burzi, PostNuke versions 0.760-RC4b and earlier; any operating system, any version |
Recommendation |
Upgrade to the latest version of PostNuke (0.760 or later), available from the PostNuke Download Web page at http://news.postnuke.com/Downloads-req-viewdownload-cid-1.html |
Related URL |
CVE-2005-2689,CVE-2005-2690 (CVE) |
Related URL |
14635,14636 (SecurityFocus) |
Related URL |
21965,21966 (ISS) |
|