NetOffice settings.php Ftp Server Field Arbitrary PHP Code Execution

2006-03-28T04:32:38
ID OSVDB:24231
Type osvdb
Reporter OSVDB
Modified 2006-03-28T04:32:38

Description

Technical Description

An attacker must supply valid administrator authentication credentials in order to exploit this vulnerability.

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.

References:

Vendor URL: http://netoffice.sourceforge.net/ Secunia Advisory ID:19452 Related OSVDB ID: 24230 Generic Exploit URL: http://milw0rm.com/exploits/1617