News

Zafenio forum module for Zikula [1]

Zafenio forum module for Zikula: Security: Fake Vulnerability Alert for PNphpBB2

Contributed by slam on Feb 20, 2009 - 04:51 PM

F-Secure [2] and Secunia [3] have recently reported a security advisory from StAkeR which relates to PNphpBB2. Some background research will tell you that this person is well known for spamming security boards with non proofen and often simply false advisories. His motivations are unclear, probably he is interested in discrediting PHP in general.


Also in our case he describes an attack which is technicially simply not possible, as all admin paths for PNphpBB2 are protected against intruders. Only people loged into PostNuke/PNphpBB2 and holding admin rights for PNphpBB2 are able to access these files, everyone else will receive a 403 error from the web server.


So, no vulnerability, no fix needed - no worry. :-)


Greetings,

Chris
Share [4] |
 
Links
  1. http://www.zafenio.com/index.php?module=News&func=view&lang=en&prop=Main&cat=10009
  2. http://www.f-secure.com/vulnerabilities/SA200900216
  3. http://secunia.com/Advisories/33365
  4. http://www.addthis.com/bookmark.php?v=250&username=awoox