PHProjekt setup.php Arbitrary Command Execution

2004-12-02T07:03:42
ID OSVDB:12174
Type osvdb
Reporter Martin Münch()
Modified 2004-12-02T07:03:42

Description

Vulnerability Description

PHProjekt contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered by an unspecified error in the setup.php script. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, PHProjekt has released a patch to address this vulnerability.

Short Description

PHProjekt contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered by an unspecified error in the setup.php script. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.phprojekt.com/ Security Tracker: 1012369 Secunia Advisory ID:13355 Secunia Advisory ID:13428 Secunia Advisory ID:13517 Other Advisory URL: http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=189&mode=thread&order=0 Other Advisory URL: http://www.suse.de/de/security/2004_04_sr.html Other Advisory URL: http://www.novell.com/linux/security/advisories/2004_04_sr.html Other Advisory URL: http://security.gentoo.org/glsa/glsa-200412-06.xml ISS X-Force ID: 18320 CVE-2004-2739 Bugtraq ID: 11797