PostNuke Directory Traversal and Comment Bypass Vulnerabilities

[TJ]

* Technical Description *

Two vulnerabilities were identified in PostNuke, which could be exploited by remote attackers to gain knowledge of sensitive information or bypass certain security policies.

This first issue is due to an error in the "contrib/example.php" script of the GeSHi library that does not properly validate a specially crafted "language" parameter, which could be exploited by attackers to cause contents of arbitrary files to be exposed. For additional information, see : FrSIRT/ADV-2005-1813

The second flaw is due to an unspecified error in the "comments" module, which could be exploited by attackers to add comments.

 * Affected Products *

PostNuke versions prior to 0.761

 * Solution *

Upgrade to PostNuke version 0.761 :
http://downloads.postnuke.com/

 * References *

http://www.frsirt.com/english/advisories/2005/1875
http://news.postnuke.com/index.php?name=News&file=article&sid=2726
http://news.postnuke.com/index.php?name=News&file=article&sid=2727