The following was posted on June 29th in PNSA 2005-3:
DESCRIPTION
PostNuke CMS is an open source, open development content management system (CMS). PostNuke CMS started as a fork from PHPNuke and provides many enhancements and improvements over the PHP-Nuke system.
PostNuke CMS is still undergoing development but a large number of core functions are now stabilising and a complete API for third-party developers (including ADODB database abstraction and SMARTY templating) is in place.
The PostNuke CMS Development Team was notified about a security issue within the current .750 stable package and the .760 development tree.
VULNERABILITIES
- remote code injection via xml rpc library
SOLUTION
It is recommended that all admins deactivate and remove the 'xmlrpc' module within administration-modules and additionally remove /xmlrpc.php and the /modules/xmlrpc folder completely from the filesystem.
Andreas Krapohl [larsneo]
PostNuke CMS Development Team