iWebNegar conf_edit.php Arbitrary Code Injection

2005-01-11T05:52:37
ID OSVDB:12800
Type osvdb
Reporter Hossein Asgary
Modified 2005-01-11T05:52:37

Description

Vulnerability Description

iWebNegar contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to conf_edit.php not properly sanitizing user input supplied to multiple variables. This may allow an attacker to inject arbitrary commands which will be executed by the vulnerable script.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://webnegar.co.sr/
Secunia Advisory ID: 13485
Other Advisory URL: http://www.securiteam.com/exploits/5JP0215EKC.html
Bugtraq ID: 12140