Secunia Security Advisory - PunBB 1.x, Nucleus 3.x, and BLOG:CMS 3.x all suffer from a flaw where system access can be gained due to a lack of input validation.
TITLE:
BLOG:CMS / Nucleus / PunBB Inclusion of Arbitrary Files
SECUNIA ADVISORY ID:
SA12097
VERIFY ADVISORY:
http://secunia.com/advisories/12097/
CRITICAL:
Moderately critical
IMPACT:
Unknown, Exposure of sensitive information
WHERE:
From remote
SOFTWARE:
PunBB 1.x
http://secunia.com/product/3700/
Nucleus 3.x
http://secunia.com/product/3699/
BLOG:CMS 3.x
http://secunia.com/product/3698/
DESCRIPTION:
Radek Hulan has reported a vulnerability in BLOG:CMS, PunBB and
Nucleus, potentially allowing malicious people to gain system
access.
The problem is that input used to include files isn't properly
validated. This may allow malicious people to include arbitrary files
from local and external resources if "register_globals" is set to
"On".
No further information is currently available.
This affects the following versions:
BLOG:CMS prior to 3.1.4
PunBB prior to 1.1.5
Nucleus prior to 3.0.1
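As an added example, not code from PunBB, Nucleus or BLOG:CMS (the advisory gives no code details), the pattern below illustrates the vulnerability class described: an include path built from a variable the application never initialised, which "register_globals = On" lets a request populate, next to a hardened version. File, variable and language names are hypothetical.

```php
<?php
// Added example of the vulnerability class in this advisory; all names are
// hypothetical and not taken from any of the affected projects.

// --- Vulnerable pattern -----------------------------------------------------
// With register_globals=On, PHP creates $lang_dir from a ?lang_dir=... request
// parameter if the script never assigned it. The include path then comes from
// the request, and with allow_url_fopen it may point at an external resource.
function load_language_vulnerable()
{
    global $lang_dir;                 // never initialised by the application
    include $lang_dir . '/common.php';
}

// --- Hardened pattern -------------------------------------------------------
// 1. Never build an include path from a variable that might be uninitialised.
// 2. Map untrusted input onto an allow-list entry instead of using it as a path.
// 3. Resolve the final path and confirm it stays under the expected directory.
const LANG_BASE = __DIR__ . '/lang';
const LANG_ALLOWED = ['en', 'cs', 'de'];   // hypothetical language set

function resolve_language_file(string $requested): ?string
{
    if (!in_array($requested, LANG_ALLOWED, true)) {
        return null;                  // unknown code: caller falls back to default
    }
    $base = realpath(LANG_BASE);
    $path = realpath(LANG_BASE . '/' . $requested . '/common.php');
    // realpath() fails on missing files and collapses "..", so a result that does
    // not start with the resolved base directory was not a language file at all.
    if ($base === false || $path === false
        || strncmp($path, $base . '/', strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function load_language_hardened(): void
{
    $requested = isset($_GET['lang']) ? (string) $_GET['lang'] : 'en';
    $file = resolve_language_file($requested) ?? LANG_BASE . '/en/common.php';
    include $file;
}

// Administrator check for the advisory's precondition. On PHP 5.4 and later the
// directive no longer exists and ini_get() returns false, so this returns false.
function register_globals_enabled(): bool
{
    return filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN);
}
```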
SOLUTION:
The following versions are not vulnerable:
BLOG:CMS 3.1.4
PunBB 1.1.5
Nucleus 3.0.1
PROVIDED AND/OR DISCOVERED BY:
Radek Hulán
ORIGINAL ADVISORY:
http://forum.blogcms.com/viewtopic.php?id=324
http://www.punbb.org/
http://nucleuscms.org/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third-party patches; use
only those supplied by the vendor.
----------------------------------------------------------------------