CVE-2005-1621 | Vulnerability Database | Aqua Security

Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter to index.php.

Affected Software

Name	Vendor	Start Version	End Version
Postnuke	Postnuke_software_foundation	0.750 (including)	0.750 (including)
Postnuke	Postnuke_software_foundation	0.760_rc2 (including)	0.760_rc2 (including)
Postnuke	Postnuke_software_foundation	0.760_rc3 (including)	0.760_rc3 (including)
Postnuke	Postnuke_software_foundation	0.760_rc4 (including)	0.760_rc4 (including)

References

http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/includes/pnMod.php.diff?r1=1.47\u0026r2=1.48
http://marc.info/?l=bugtraq\u0026m=111627124301526\u0026w=2
http://news.postnuke.com/Article2690.html
http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691
http://www.vupen.com/english/advisories/2005/0553
http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/includes/pnMod.php.diff?r1=1.47\u0026r2=1.48
http://marc.info/?l=bugtraq\u0026m=111627124301526\u0026w=2
http://news.postnuke.com/Article2690.html
http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691
http://www.vupen.com/english/advisories/2005/0553

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-1621
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html