VULNERABILITIES
- Local file inclusion via GeSHi library contained in the pn_bbcode library
SOLUTION
It is recommended that all admins remove
./modules/pn_bbcode/pnincludes/contrib/example.php
from the filesystem.
Additionally, PostNuke CMS Platinum Edition 0.761 contains an updated version of GeSHi.
The hash sums for the PostNuke CMS Platinum Edition 0.761 are:
MD5
4b76e09c507db0224d34fc448e7efb91 PostNuke-0.761.tar.gz
c4090097b26caa38115540e24378e9b4 PostNuke-0.761.zip
SHA1
b69d9bfabb5c8641e4b5dd9e9ee6f5803d86c41d PostNuke-0.761.tar.gz
79869b9a7003ac9046788cebad23135f68eef648 PostNuke-0.761.zip
Download from
http://downloads.postnuke.com
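The two checks above (locating and removing the GeSHi example script, and comparing a downloaded archive with the published SHA1 sums) can be scripted. The following is an added example, not part of the original advisory or PostNuke code; the function names are hypothetical and the web root paths passed to it are the admin's own.

```shell
#!/bin/sh
# Added example (not PostNuke project code). Function names are hypothetical.
# Source this file, then e.g.: find_geshi_example /var/www  (path is an assumption)

# Path named in the advisory, relative to a PostNuke web root.
GESHI_EXAMPLE='modules/pn_bbcode/pnincludes/contrib/example.php'

# SHA1 sums published in the advisory for the 0.761 release archives.
published_sha1() {
    case "$1" in
        PostNuke-0.761.tar.gz) echo b69d9bfabb5c8641e4b5dd9e9ee6f5803d86c41d ;;
        PostNuke-0.761.zip)    echo 79869b9a7003ac9046788cebad23135f68eef648 ;;
        *) return 1 ;;
    esac
}

# Print the SHA1 of a file using whichever common tool is installed.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | cut -d' ' -f1
    else
        shasum -a 1 "$1" | cut -d' ' -f1
    fi
}

# verify_release FILE
# Returns 0 if FILE matches the advisory, 1 on mismatch,
# 2 if the file is unreadable or its name is not a listed archive.
verify_release() {
    [ -r "$1" ] || return 2
    want=$(published_sha1 "$(basename "$1")") || return 2
    [ "$(sha1_of "$1")" = "$want" ]
}

# find_geshi_example ROOT...
# Lists every copy of the example script under the given directories,
# one path per line. Returns 0 if at least one copy was found.
find_geshi_example() {
    hits=$(find "$@" -type f -path "*/$GESHI_EXAMPLE" 2>/dev/null) || true
    [ -n "$hits" ] && printf '%s\n' "$hits"
}

# remove_geshi_example ROOT...
# Deletes each copy found, as the advisory recommends, and logs what was removed.
remove_geshi_example() {
    find_geshi_example "$@" | while IFS= read -r f; do
        rm -f -- "$f" && echo "removed $f"
    done
}
```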
CREDITS
The exploit was originally found by Maksymilian Arciemowicz (cXIb8O3) and was reported via the security contact.
Drak [drak]
PostNuke CMS Development Team