Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter to index.php.
Software | From | Fixed in |
---|---|---|
postnuke_software_foundation / postnuke | 0.750 | 0.750.x |
postnuke_software_foundation / postnuke | 0.760_rc2 | 0.760_rc2.x |
postnuke_software_foundation / postnuke | 0.760_rc3 | 0.760_rc3.x |
postnuke_software_foundation / postnuke | 0.760_rc4 | 0.760_rc4.x |