PostNuke <= 0.760 RC4b Multiple Vulnerabilities

medium Nessus Plugin ID 19545

Synopsis

The remote web server contains a PHP script that is prone to several attacks.

Description

The remote host appears to be running PostNuke version 0.760 RC4b or older. These versions suffer from several vulnerabilities:

- Multiple Cross-Site Scripting Vulnerabilities: An attacker can inject arbitrary HTML and script code into users' browsers by manipulating input to the 'moderate' parameter of the 'Comments' module and the 'htmltext' parameter of the 'user.php' script.

- A SQL Injection Vulnerability: The application fails to sanitize user-supplied input to the 'show' parameter in the 'modules/Downloads/dl-viewdownload.php' module. With admin rights, an attacker could exploit this issue to manipulate SQL queries.

Solution

Upgrade to PostNuke version 0.760 or later.

See Also

http://securityreason.com/achievement_securityalert/22

https://seclists.org/bugtraq/2005/Aug/286

Plugin Details

Severity: Medium

ID: 19545

File Name: postnuke_0_760_rc4b.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 8/30/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:postnuke_software_foundation:postnuke

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 8/22/2005

Reference Information

CVE: CVE-2005-2689, CVE-2005-2690

BID: 14635, 14636

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990