HTTP: PostNuke Theme Parameter Directory Traversal and Command Execution

This signature detects directory traversal attempts against the index.php script included with PostNuke. PostNuke versions 0.723 and earlier are vulnerable. Attackers can send a maliciously crafted request to index.php to traverse the directory structure and execute arbitrary commands.

Extended Description

A vulnerability has been discovered in PostNuke Phoenix 0.723 and earlier. The problem occurs in the theme handling engine and may be triggered through the use of directory traversal sequences.

Affected Products

Postnuke postnuke_phoenix

Short Name: HTTP:PHP:POSTNUKE-CMD-EXEC
Severity: Major
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: Command Directory Execution Parameter PostNuke Theme Traversal and bid:7048
Release Date: 04/22/2003
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version: 3336
False Positive: Unknown
Vendors

Postnuke
