PostNuke 0.7x - Install Script Administrator Password Disclosure

EDB-ID:

24307

CVE:



Author:

hellsink

Type:

webapps


Platform:

PHP

Date:

2004-07-24


source: https://www.securityfocus.com/bid/10793/info

It is reported that PostNuke may disclose administrator authentication credentials to remote attackers. This issue presents itself because the application fails to remove the install script 'install.php' after installation. This can allow an attacker to gain unauthorized access to the content management system. The attacker may then carry out further attacks against other users or the computer running the vulnerable application.

http://www.example.com/install.php