TITLE:
BLOG:CMS / Nucleus / PunBB Inclusion of Arbitrary Files

SECUNIA ADVISORY ID:
SA12097

VERIFY ADVISORY:
http://secunia.com/advisories/12097/

CRITICAL:
Moderately critical

IMPACT:
Unknown, Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
PunBB 1.x
http://secunia.com/product/3700/
Nucleus 3.x
http://secunia.com/product/3699/
BLOG:CMS 3.x
http://secunia.com/product/3698/

DESCRIPTION:
Radek Hulan has reported a vulnerability in BLOG:CMS, PunBB and
Nucleus, potentially allowing malicious people to gain system access.

The problem is that input used to include files isn't properly
validated. This may allow malicious people to include arbitrary files
from local and external resources if "register_globals" is set to
"On".

No further information is currently available.

This affects the following versions:
BLOG:CMS prior to 3.1.4
PunBB prior to 1.1.5
Nucleus prior to 3.0.1

SOLUTION:
The following versions are not vulnerable:
BLOG:CMS 3.1.4
PunBB 1.1.5
Nucleus 3.0.1

PROVIDED AND/OR DISCOVERED BY:
Radek Hulán

ORIGINAL ADVISORY:
http://forum.blogcms.com/viewtopic.php?id=324
http://www.punbb.org/
http://nucleuscms.org/
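
Added example (not part of the Secunia advisory or any vendor's code): a Python check that classifies an install against the advisory's two conditions, the fixed version numbers and the "register_globals" setting. The function names, status labels and sample php.ini text are constructed for illustration; it reads php.ini text only and assumes no per-directory override of the setting.

```python
import re

# Fixed versions, taken from the advisory's SOLUTION section.
FIXED = {"BLOG:CMS": (3, 1, 4), "PunBB": (1, 1, 5), "Nucleus": (3, 0, 1)}
TRUTHY = {"1", "on", "true", "yes"}  # spellings PHP's ini parser treats as enabled


def parse_version(text):
    """Turn a dotted version such as '1.1.4' into a 3-part tuple of ints."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError("unrecognised version: %r" % text)
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def register_globals_enabled(ini_text):
    """Return True if the last register_globals assignment in the ini text is on."""
    enabled = False  # PHP's built-in default is Off since 4.2.0
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(r"register_globals\s*=\s*(.*)$", line)
        if m:  # later assignments override earlier ones
            enabled = m.group(1).strip().strip("\"'").lower() in TRUTHY
    return enabled


def assess(product, version, ini_text):
    """Classify one install: 'fixed', 'exposed' or 'outdated'."""
    if parse_version(version) >= FIXED[product]:
        return "fixed"      # at or above the version listed as not vulnerable
    if register_globals_enabled(ini_text):
        return "exposed"    # affected version and the stated precondition holds
    return "outdated"       # affected version, precondition absent: still upgrade


# Constructed sample php.ini fragment (not from the advisory).
SAMPLE_INI = """\
[PHP]
; register_globals = Off
register_globals = "On"   ; legacy application setting
"""

if __name__ == "__main__":
    for product, version in [("PunBB", "1.1.4"), ("Nucleus", "3.0.1"), ("BLOG:CMS", "3.1")]:
        print(product, version, assess(product, version, SAMPLE_INI))
```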