This flaw is due to an input validation error in the Blocks Module when handling a specially crafted "func" variable containing "..\" sequences, which may be exploited remotely to conduct directory traversal attacks.
http://server/index.php?module=Blocks&type=lang&func=../dir
* Affected Products *
PostNuke version 0.76-RC4 and prior
* Solution *
Patches are available via CVS:
http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/includes/pnMod.php.diff?r1=1.47&r2=1.48
http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/index.php.diff?r1=1.39&r2=1.40
2005-05-17 : Original Advisory
*******************************************
This was found by my webhost and posted to my webhost's support/security forums two days ago. I just found it today. The changelogs above have a number of changes in them.
To Admin: Is this worth making a deal over?
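For anyone wanting to check their own logs for the request shape the advisory describes, here is an added example (not part of the advisory, the post, or the PostNuke patches). It scans access-log lines for `module`, `type` or `func` values containing `../` or `..\` sequences, including percent-encoded and double-encoded forms. The log format, sample lines and function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters used in the advisory's example URL.
WATCHED = ("module", "type", "func")
# A ".." path component delimited by "/" or "\" (or the ends of the value).
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")
# Assumption: common/combined log format, request line in double quotes.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/May/2005:10:00:01 +0000] "GET /index.php?module=Blocks&type=lang&func=../dir HTTP/1.1" 200 512',
    '192.0.2.11 - - [17/May/2005:10:00:02 +0000] "GET /index.php?module=Blocks&type=admin&func=view HTTP/1.1" 200 2048',
    '192.0.2.12 - - [17/May/2005:10:00:03 +0000] "GET /index.php?module=Blocks&type=lang&func=%252e%252e%255cdir HTTP/1.1" 200 512',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(url):
    """Return {param: decoded value} for watched parameters holding traversal sequences."""
    hits = {}
    # parse_qsl already decodes once; fully_decode handles further encoding layers.
    for name, raw in parse_qsl(urlsplit(url).query):
        if name.lower() in WATCHED:
            value = fully_decode(raw)
            if TRAVERSAL.search(value):
                hits[name] = value
    return hits


def scan(lines):
    """Return [(line_number, hits)] for log lines whose request matches."""
    results = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else {}
        if hits:
            results.append((number, hits))
    return results
```

Call `scan()` on the lines of your own access log; each result gives the line number and the decoded parameter value that matched.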