| VID |
21843 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The installed version of PostNuke software seems to be a version prior to 0.762. PostNuke, developed by Francisco Burzi, is a freely available, open source PHP-based content management system (CMS). PostNuke versions prior to 0.762 are vulnerable to multiple input validation vulnerabilities, which can be exploited by a remote attacker to conduct cross-site scripting and SQL injection attacks.
1) SQL injection vulnerability in the NS-Languages module for PostNuke, when magic_quotes_gpc is off, allows a remote attacker to execute arbitrary SQL commands via the language parameter.
2) Cross-site scripting (XSS) vulnerability: This vulnerability allows a remote attacker to inject arbitrary web script or HTML via the "htmltext" parameter in user.php and the "language" parameter in the NS-Languages module.
* References:
http://news.postnuke.com/index.php?name=News&file=article&sid=2754
http://securityreason.com/achievement_securityalert/33
http://securityreason.com/securityalert/454
http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042360.html
http://news.postnuke.com/index.php?name=News&file=article&sid=2754
http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html
http://www.frsirt.com/english/advisories/2006/0673
http://secunia.com/advisories/18937/
* Platforms Affected:
Francisco Burzi, PostNuke version 0.761 and earlier versions
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of PostNuke (0.762 or later), available from the PostNuke Download Web page at http://sourceforge.net/projects/post-nuke/ |
| Related URL |
CVE-2006-0801,CVE-2006-0802 (CVE) |
| Related URL |
16752 (SecurityFocus) |
| Related URL |
24823,24827 (ISS) |
|
