PostNuke

Flexible Content Management System

News

PostNuke Security Advisory 2005-4

Contributed by on Sep 28, 2005 - 02:17 AM

VULNERABILTIES

- Local file inclusion via GeSHi library contained in the pn_bbcode library



SOLUTION

It is recommended that all admins remove

./modules/pn_bbcode/pnincludes/contrib/example.php

from the filesystem.

Additionally PostNuke CMS Platinum Edition 0.761 contains an updated version of GeSHi.



The hash sums for the PostNuke CMS Platinum Edition 0.761 are:



MD5

4b76e09c507db0224d34fc448e7efb91 PostNuke-0.761.tar.gz

c4090097b26caa38115540e24378e9b4 PostNuke-0.761.zip



SHA1

b69d9bfabb5c8641e4b5dd9e9ee6f5803d86c41d PostNuke-0.761.tar.gz

79869b9a7003ac9046788cebad23135f68eef648 PostNuke-0.761.zip



Download from http://downloads.postnuke.com



CREDITS

The exploit was originally found by Maksymilian Arciemowicz ( cXIb8O3 ) and was reported via security contact.





Drak [drak]

PostNuke CMS Development Team
11930