Silvernews tpl_global.php Template Edit Arbitrary Command Execution

2005-08-03T06:09:47
ID OSVDB:18982
Type osvdb
Reporter OSVDB
Modified 2005-08-03T06:09:47

Description

Technical Description

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'. An attacker must also supply valid authentication credentials (or bypass login via OSVDB 18517) in order to exploit this vulnerability.

References:

Vendor URL: http://www.silver-scripts.de/scripts.php?l=en&script=SilverNews Related OSVDB ID: 18517 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0080.html