PHProjekt authform.inc.php path_pre Variable Arbitrary Command Execution

2004-12-28T08:31:12
ID OSVDB:12613
Type osvdb
Reporter cYon(z3hp@yahoo.com)
Modified 2004-12-28T08:31:12

Description

Vulnerability Description

PHProjekt contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to authform.inc.php not properly sanitizing user input supplied to the path_pre variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
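The following snippet is an added illustration of the flaw class the advisory describes (a remote file inclusion through an unsanitized path prefix) and of the defensive pattern that closes it. It is not PHProjekt's code and not the vendor patch: only the file name authform.inc.php and the variable name path_pre come from the advisory; the function names, the directory layout and the request handling are constructed for the example.

```php
<?php
// Constructed example: an include path built from a request-controlled prefix,
// beside a hardened version that anchors the include to the install directory.
// Nothing here is taken from PHProjekt's sources.

// --- Vulnerable pattern (constructed) ---
// When $path_pre is taken from the request (directly, or implicitly through
// register_globals), the caller decides where include() looks. With PHP's
// URL wrappers enabled, a URL-shaped prefix makes include() fetch and run
// code from another host, which is the remote file inclusion the advisory reports.
function loadAuthFormVulnerable(string $path_pre): void
{
    include $path_pre . 'lib/authform.inc.php';
}

// --- Hardened pattern (constructed) ---
// 1. Never derive an include path from request data; the prefix is a build-time
//    constant of the installation, not a parameter.
// 2. Even for internal callers, resolve the final path with realpath() and refuse
//    anything that does not stay inside the application directory. This rejects
//    URL wrappers (realpath() returns false for them) and "../" traversal alike.
function loadAuthFormHardened(string $path_pre): void
{
    if (isset($_REQUEST['path_pre'])) {
        // Hypothetical guard: a request must not be able to supply this value at all.
        http_response_code(400);
        exit('path_pre is not a request parameter');
    }

    $base = realpath(__DIR__);                                   // application root
    $candidate = realpath($base . '/' . $path_pre . '/lib/authform.inc.php');

    $insideBase = $candidate !== false
        && strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0;

    if (!$insideBase) {
        throw new RuntimeException('Refusing to include a file outside the application directory');
    }

    require $candidate;
}

// Defence in depth, independent of the code above: on PHP 5.2 and later set
// allow_url_include=Off in php.ini so include()/require() cannot load URLs at all,
// and keep register_globals off so request fields never become local variables.
```

The realpath() check is the part worth copying: it turns "does this string look safe" into "does the resolved file actually live under the directory I expect", which holds regardless of how the prefix was assembled.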

Solution Description

Upgrade to version 4.2.3 or higher, as it has been reported to fix this vulnerability. In addition, Albrecht Günther has released a patch for some older versions.

References:

Vendor URL: http://www.phprojekt.com/
Vendor Specific Solution URL: http://www.gentoo.org/security/en/glsa/glsa-200412-27.xml
Vendor Specific News/Changelog Entry: http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=193
Security Tracker: 1012708
Secunia Advisory ID: 13660
Secunia Advisory ID: 13698
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200412-27.xml
Keyword: Remote File Inclusion
ISS X-Force ID: 18683
CVE: CVE-2004-2740
Bugtraq ID: 12116