Vulnerabilities > CVE-2006-5733 - Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.762

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.

Exploit-Db

descriptionPostNuke <= 0.763 (PNSV lang) Remote Code Execution Exploit. CVE-2006-5733. Webapps exploit for php platform
fileexploits/php/webapps/2707.php
idEDB-ID:2707
last seen2016-01-31
modified2006-11-03
platformphp
port
published2006-11-03
reporterKacper
sourcehttps://www.exploit-db.com/download/2707/
titlePostNuke <= 0.763 PNSV lang Remote Code Execution Exploit
typewebapps