PostNuke Multiple Module Direct Request Authentication Bypass

2006-02-19T05:32:43
ID OSVDB:23434
Type osvdb
Reporter OSVDB
Modified 2006-02-19T05:32:43

Description

Solution Description

Upgrade to version .762 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[target]/[path]/admin.php?module=NS-Languages
http://[target]/[path]/admin.php?module=Banners

References:

Vendor URL: http://www.postnuke.com/
Vendor Specific News/Changelog Entry: http://news.postnuke.com/index.php?name=News&file=article&sid=2754
Secunia Advisory ID: 18937
Related OSVDB ID: 23436
Related OSVDB ID: 23433
Related OSVDB ID: 23435
Other Advisory URL: http://securityreason.com/achievement_securityalert/33
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html
FrSIRT Advisory: ADV-2006-0673
CVE-2006-0800
Bugtraq ID: 16752