Vulnerabilities > CVE-2006-5733 - Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.762
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN postnuke-software-foundation
exploit available
Summary
Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | PostNuke <= 0.763 (PNSV lang) Remote Code Execution Exploit. CVE-2006-5733. Webapps exploit for php platform |
| file | exploits/php/webapps/2707.php |
| id | EDB-ID:2707 |
| last seen | 2016-01-31 |
| modified | 2006-11-03 |
| platform | php |
| port | |
| published | 2006-11-03 |
| reporter | Kacper |
| source | https://www.exploit-db.com/download/2707/ |
| title | PostNuke <= 0.763 PNSV lang Remote Code Execution Exploit |
| type | webapps |