Directory traversal vulnerability in error.php in PostNuke 0.763 and previous versions allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
postnuke software foundation postnuke 0.762 |
||
postnuke software foundation postnuke |