Severity
Critical
Impact
Directory Traversal
Vulnerabilities
Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files under certain circumstances via the PNSVlang session variable which is included by error.php.
Credits
Kacper
Solution
Users should immediately update to 0.764. PostNuke versions 0.764 and later are unaffected.
PostNuke 0.764 Downloads
see Release Announcement.
Andreas Krapohl [larsneo]
PostNuke CMS Development
6127