Vulnerability in Pagesetter publishing module for PostNuke
A vulnerability in the optional Pagesetter publishing module for the popular content management system PostNuke permits access to arbitrary files on a system in the webserver context. Pagesetter is intended to assist users in creating their own modules and content headings. By calling a simple URL in the browser, however, it is possible to read, for example, the file /etc/passwd. It is not necessary to be logged onto the system, all that is required is that the name of the file is known, which presents an attacker with few problems on standard systems.
Pagesetter 6.2.0 to 6.3.0 beta5 are affected. The bug is fixed in the latest version 6.3.0. Users should update to the new version as soon as possible, as a demo URL for reading files is included in the security advisory from SEC Consult, who discovered the vulnerability. Forthcoming attacks are therefore to be expected.
- File Disclosure in Pagesetter for PostNuke, security advisory from SEC Consult