header-logo
Suggest Exploit
vendor:
PostNuke
by:
Unknown
7.5
CVSS
HIGH
Credential Disclosure
200
CWE
Product Name: PostNuke
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:postnuke:postnuke
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

PostNuke Administrator Authentication Credential Disclosure

PostNuke fails to remove the install script 'install.php' after installation, allowing remote attackers to gain unauthorized access to the content management system and disclose administrator authentication credentials.

Mitigation:

Remove or restrict access to the 'install.php' script after completing the installation process.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10793/info

It is reported that PostNuke may disclose administrator authentication credentials to remote attackers. This issue presents itself because the application fails to remove the install script 'install.php' after installation. This can allow an attacker to gain unauthorized access to the content management system. The attacker may then carry out further attacks against other users or the computer running the vulnerable application.

http://www.example.com/install.php

Navigation

Suggest Exploit

Services By CQR