Detections
Analytics

PostNuke AutoTheme Module Multiple Unspecified Vulnerabilities

high Nessus Plugin ID 18300

Language:

Synopsis

The remote web server contains a PHP script that suffers from multiple issues.

Description

According to its banner, the version of AutoTheme for PostNuke on the remote host suffers from multiple, unspecified vulnerabilities affecting the 'Blocks' module. Reportedly, some of these issues may allow a remote attacker to gain unauthorized access to the remote host.

Note that the recommended security fix does not alter AutoTheme's banner so if you know for certain that it's been applied, treat this as a false positive.

Solution

Apply the Blocks module Security Fix referenced in the URL or upgrade to a newer version of the software when available.

See Also

http://community.postnuke.com/Article2687.htm

Plugin Details

Severity: High

ID: 18300

File Name: postnuke_autotheme_mult_vulns.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 5/19/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:spidean:autotheme, cpe:/a:spidean:at-lite

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 5/6/2005

Reference Information

CVE: CVE-2005-1608

BID: 13539