CVE-2005-1698
First published: Tue May 24 2005(Updated: )
PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the pnblocks directory in the Blocks module, (10) config.php in the NS-Multisites (aka Multisites) module, or (11) xmlrpc.php, which reveals the path in an error message.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Postnuke Software Foundation Postnuke | =0.760_rc3 | |
| Postnuke Software Foundation Postnuke | =0.750 | |
| Postnuke Postnuke | =0.750 | |
| Postnuke Postnuke | =0.760-rc3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/severity
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/postnuke software foundation
- canonical/postnuke software foundation postnuke
- version/postnuke software foundation postnuke/0.760_rc3
- version/postnuke software foundation postnuke/0.750
- vendor/postnuke
- canonical/postnuke postnuke
- version/postnuke postnuke/0.750
- version/postnuke postnuke/0.760-rc3