Säkerhetsuppdatering

Uppdaterat siren enligt PostNuke Security Advisory 2006-1

DESCRIPTION
PostNuke is an Open Source, open-development content management system (CMS). PostNuke is still undergoing development, but a large number of core functions are now stabilizing and a complete API for third-party developers is now implemented. The PostNuke CMS Development Team was notified by secunia.com about a vulnerability in the adodb database abstraction layer.

VULNERABILTIES
Arbitrary SQL code execution via adodb (when db-user is ‘root’ without password)

SOLUTION
It is recommended that all admins check for the following files and folders and remove them if found:
/includes/classes/adodb/server.php
/includes/classes/adodb/cute_icons _for_site
/includes/classes/adodb/PEAR
/includes/classes/adodb/contrib
/includes/classes/adodb/session/old
/includes/classes/adodb/tests

Securing the whole /includes/classes directory from web access provides an extra layer of security, by protecting against potential as-yet undiscovered security risks in libraries.
The following .htaccess file, placed in the /includes/classes directory, will secure the directory (Download):

order allow,deny

deny from all