Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter to index.php.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Postnuke | Postnuke_software_foundation | 0.760_rc4 | 0.760_rc4 |
Postnuke | Postnuke_software_foundation | 0.760_rc3 | 0.760_rc3 |
Postnuke | Postnuke_software_foundation | 0.760_rc2 | 0.760_rc2 |
Postnuke | Postnuke_software_foundation | 0.750 | 0.750 |