Vulnerabilities > CVE-2006-5733 - Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.762
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN postnuke-software-foundation
exploit available
Summary
Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | PostNuke <= 0.763 (PNSV lang) Remote Code Execution Exploit. CVE-2006-5733. Webapps exploit for php platform |
file | exploits/php/webapps/2707.php |
id | EDB-ID:2707 |
last seen | 2016-01-31 |
modified | 2006-11-03 |
platform | php |
port | |
published | 2006-11-03 |
reporter | Kacper |
source | https://www.exploit-db.com/download/2707/ |
title | PostNuke <= 0.763 PNSV lang Remote Code Execution Exploit |
type | webapps |