Php-Stats admin.php Arbitrary PHP Command Injection

2006-03-03T12:47:35
ID OSVDB:23688
Type osvdb
Reporter OSVDB
Modified 2006-03-03T12:47:35

Description

Technical Description

An attacker must supply valid administration authentication credentials (or leverage such privileges via OSVDB 23687) in order to exploit this vulnerability.

Solution Description

Upgrade to version 0.1.9.1b or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.phpstats.net/ Secunia Advisory ID:19116 Related OSVDB ID: 23687 Related OSVDB ID: 23686 Related OSVDB ID: 23685 Related OSVDB ID: 23689 Other Advisory URL: http://retrogod.altervista.org/php_stats_0191_adv.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-03/0445.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-03/0083.html