Flexible Content Management System


REMINDER: Remove XMLRPC from your site!

Contributed by Important Security I on Aug 16, 2005 - 11:13 PM

The following was posted on June 29th in PNSA 2005-3:


PostNuke CMS is an open source, open development content management system (CMS). PostNuke CMS started as a fork from PHPNuke and provides many enhancements and improvements over the PHP-Nuke system.

PostNuke CMS is still undergoing development but a large number of core functions are now stabilising and a complete API for third-party developers (including ADODB database abstraction and SMARTY templating) is in place.

The PostNuke CMS Development Team was notified about a security issue within the current .750 stable package and the .760 development tree.


- remote code injection via xml rpc library


It is recommended that all admins deactivate and remove the 'xmlrpc' module within administration-modules and additionaly remove /xmlrpc.php and and the /modules/xmlrpc folder completly from the filesystem.

Andreas Krapohl [larsneo]

PostNuke CMS Development Team