5 lines
No EOL
525 B
Text
5 lines
No EOL
525 B
Text
source: http://www.securityfocus.com/bid/10793/info
|
|
|
|
It is reported that PostNuke may disclose administrator authentication credentials to remote attackers. This issue presents itself because the application fails to remove the install script 'install.php' after installation. This can allow an attacker to gain unauthorized access to the content management system. The attacker may then carry out further attacks against other users or the computer running the vulnerable application.
|
|
|
|
http://www.example.com/install.php |