Eduha Meeting File Upload Arbitrary PHP Code Execution

2006-06-19T09:33:57
ID OSVDB:26627
Type osvdb
Reporter Liz0ziM (liz0@bsdmail.com)
Modified 2006-06-19T09:33:57

Description

Vulnerability Description

Eduha Meeting contains a flaw that may allow a malicious user to execute arbitrary PHP code. The issue is triggered when a file is uploaded: the upload script does not correctly restrict the extension of files that can be uploaded, so a file with a server-executable extension (such as .php) can be stored under the web root and then requested through the web server. The flaw may allow remote code execution, resulting in a loss of integrity.
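The following is an added illustration of the bug class described above, not code from Eduha Meeting or from the original advisory. It shows an upload handler that trusts the client-supplied filename beside a hardened version that allow-lists extensions, sniffs the content type, and assigns a random server-side name. The field name attachment, the $uploadDir path and the allow-list are assumptions made for the example.

```php
<?php
// Added example, not Eduha Meeting's code. Field name 'attachment', $uploadDir
// and the allow-list below are assumptions for illustration only.

$uploadDir = __DIR__ . '/uploads/';

// Vulnerable pattern: the file is stored under the name the client chose, so the
// extension is whatever the attacker sent. If the web server hands .php (or
// .phtml, .php5, ...) in the upload directory to the PHP engine, uploading
// shell.php and requesting /uploads/shell.php executes it.
function saveUploadVulnerable(array $file, string $uploadDir): string
{
    $dest = $uploadDir . basename($file['name']);
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// Hardened pattern: the client's name is used only to pick an allow-listed
// extension, the content is sniffed to confirm it matches, and the stored name
// is random so neither the name nor a double extension is attacker-controlled.
function saveUploadHardened(array $file, string $uploadDir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }

    // Allow-list, never deny-list: a deny-list misses .phtml, .phar, .htaccess, ...
    $allowed = [
        'pdf' => 'application/pdf',
        'png' => 'image/png',
        'jpg' => 'image/jpeg',
    ];

    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException('extension not permitted');
    }

    // Check the bytes, not just the name: shell.php renamed to shell.jpg fails here.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== $allowed[$ext]) {
        throw new RuntimeException('content does not match extension');
    }

    $dest = $uploadDir . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // no execute bit, not world-readable
    return $dest;
}

// Usage in a request handler (assumed form field name 'attachment'):
if (isset($_FILES['attachment'])) {
    echo saveUploadHardened($_FILES['attachment'], $uploadDir);
}
```

Even with the hardened handler, uploads should live outside the document root or in a directory where script execution is disabled (for example `php_flag engine off` or a `<FilesMatch>` deny rule in Apache), so that a bypass of the extension check still cannot reach the PHP engine.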

Solution Description

Upgrade to the latest version, which has been reported to fix this vulnerability. An upgrade is required, as there are no known workarounds.

Short Description

Eduha Meeting does not correctly restrict the extension of uploaded files, which may allow a remote user to upload and execute arbitrary PHP code.

Manual Testing Notes

http://[target]/path/index.php?act=add

References:

Vendor URL: http://eduha.forever.kz/
Secunia Advisory ID: 20731
Other Advisory URL: http://www.biyosecurity.be/bugs/meeting.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0450.html
ISS X-Force ID: 27296
FrSIRT Advisory: ADV-2006-2428
CVE: CVE-2006-3158
Bugtraq ID: 18499