AutoTheme pnadmin.php gain access
| autotheme-pnadmin-gain-access (20490) |  High Risk |
Description:
AutoTheme for PostNuke and PHP-Nuke CMS could allow a remote attacker to gain unauthorized access to the Blocks module, caused by an unknown vulnerability in the modules/Blocks/pnadmin.php script.
Consequences:
Gain Access
Remedy:
Apply the fix, available from the AutoTheme Web site. See References.
References:
- AutoTheme Web site: Spidean - Pinnacle of Excellence :: PostNuke Themes, PostNuke Modules, PHP-Nuke Themes, PHP-Nuke Modules, osCommerce Themes, osCommerce Templates, OSC Themes and OSC Templates, Themes and Templates for your CMS, even some Xanthia themes.
- BID-13539: AutoTheme PostNuke Module Multiple Unspecified Vulnerabilities
- CVE-2005-1608: Multiple unknown vulnerabilities in the Blocks module in Spidean AutoTheme 1.7 and AT-Lite for PostNuke have unknown impact.
- OSVDB ID: 16346: AutoTheme for PostNuke Blocks Module pnadmin.php Unspecified Remote Privilege Escalation
- SA15289: AutoTheme and AT-Lite Unspecified Vulnerabilities
- SECTRACK ID: 1013908: AutoTheme for PostNuke Blocks Module May Let Remote Users Gain Access
Platforms Affected:
- Shawn McKenzie and Spidean AutoTheme 1.7
- Shawn McKenzie and Spidean AutoTheme AT-Lite .8
Reported:
May 06, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net