Updated the site according to PostNuke Security Advisory 2006-1
DESCRIPTION
PostNuke is an Open Source, open-development content management system (CMS). PostNuke is still undergoing development, but a large number of core functions are now stabilizing and a complete API for third-party developers is now implemented. The PostNuke CMS Development Team was notified by secunia.com about a vulnerability in the adodb database abstraction layer.
Arbitrary SQL code execution via adodb (when db-user is ‘root’ without password)
It is recommended that all admins check for the following files and folders and remove them if found:
Securing the whole /includes/classes directory from web access provides an extra layer of security, by protecting against potential as-yet undiscovered security risks in libraries.
The following .htaccess file, placed in the /includes/classes directory, will secure the directory:
deny from all
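
The same .htaccess written so that it denies access on both Apache 2.2 and Apache 2.4, as an added example that is not part of the original advisory. It assumes the web server is Apache httpd and that the server configuration lets .htaccess files take effect in this directory.

```apache
# /includes/classes/.htaccess
# Added example: block all web access to the library directory.
#
# Apache 2.4 and later: access control is handled by mod_authz_core.
# Inside .htaccess, "Require" needs AllowOverride AuthConfig (or All).
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

# Apache 2.2: mod_authz_core does not exist, so use the older syntax,
# which is what the advisory's "deny from all" relies on.
# Inside .htaccess, "Order"/"Deny" need AllowOverride Limit (or All).
<IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
</IfModule>
```

If the directory is covered by `AllowOverride None`, the file is ignored without any error, so confirm that a request for a file under /includes/classes returns 403 Forbidden once the file is in place.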