Ovidentia flbchart.php babInstallPath Variable Remote File Inclusion

2006-05-31T05:18:10
ID OSVDB:27220
Type osvdb
Reporter black-code(black-cod3@hotmail.com)
Modified 2006-05-31T05:18:10

Description

Vulnerability Description

Ovidentia contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the flbchart.php script not properly sanitizing user input supplied to the 'babInstallPath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.ovidentia.org/
Related OSVDB ID: 27212
Related OSVDB ID: 27213
Related OSVDB ID: 27215
Related OSVDB ID: 27214
Related OSVDB ID: 27218
Related OSVDB ID: 27225
Related OSVDB ID: 27229
Related OSVDB ID: 27221
Related OSVDB ID: 27223
Related OSVDB ID: 27224
Related OSVDB ID: 27216
Related OSVDB ID: 27219
Related OSVDB ID: 27228
Related OSVDB ID: 27209
Related OSVDB ID: 27210
Related OSVDB ID: 27211
Related OSVDB ID: 27217
Related OSVDB ID: 27222
Related OSVDB ID: 27226
Related OSVDB ID: 27227
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0700.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0365.html
CVE-2006-2811
Bugtraq ID: 18232