phpMyAgenda agenda2.php3 rootagenda Variable Remote File Inclusion

2006-04-24T12:32:35
ID OSVDB:29151
Type osvdb
Reporter Aesthetico(admin@majorsecurity.de)
Modified 2006-04-24T12:32:35

Description

Vulnerability Description

phpMyAgenda contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to agenda2.php3 not properly sanitizing user input supplied to the 'rootagenda' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Solution Description

Upgrade to version 3.1 beta 1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
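The following PHP snippet is an added illustration of the pattern this advisory describes and is not phpMyAgenda's own code: the variable and file names ($rootagenda, agenda2.php3, config.php3) come from the advisory, while the include layout and the hardened replacement are assumptions. It shows why the flaw only exists with register_globals on (the request parameter becomes a global variable before the include runs) and how a fixed script removes the dependency on a request-controllable variable.

```php
<?php
// Added illustration, not phpMyAgenda's source. The variable and file names
// follow the advisory; the include layout is an assumed reconstruction.

// --- Vulnerable pattern (register_globals = On) -----------------------------
// With register_globals enabled, a request like
//     agenda2.php3?rootagenda=<client-supplied value>
// silently creates $rootagenda in global scope before this line executes,
// so the include path is whatever the client sent. If allow_url_fopen is
// also On (and, on PHP >= 5.2, allow_url_include), that path may be a URL
// and the fetched file is executed as PHP.
//
//     include($rootagenda . '/config.php3');

// --- Hardened pattern ------------------------------------------------------
// 1. Derive the application root from the script's own location and bind it
//    to a constant. A constant cannot be injected or overwritten through
//    register_globals, unlike a plain variable that is only assigned later.
define('ROOTAGENDA', dirname(__FILE__));

// 2. Defensive measure for code that must still run on legacy hosts where
//    register_globals cannot be turned off: drop any request-injected global
//    of the same name before it can be used anywhere.
unset($GLOBALS['rootagenda']);

// 3. Resolve the final path and verify it stays inside the application
//    directory before including it, so a tampered constant or symlink
//    cannot redirect the include either.
$candidate = ROOTAGENDA . '/config.php3';
$resolved  = realpath($candidate);
if ($resolved === false
    || strpos($resolved, ROOTAGENDA . DIRECTORY_SEPARATOR) !== 0) {
    die('Refusing to include a file outside the application directory.');
}
include($resolved);
```

The code-level fix above complements, rather than replaces, the configuration side: `register_globals = Off` removes the injection vector entirely (it is the default since PHP 4.2.0 and the directive was removed in PHP 5.4), and `allow_url_fopen = Off` (plus `allow_url_include = Off` on PHP 5.2 and later) stops `include` from fetching remote files even if a path is ever attacker-influenced. Web-server or PHP error logs showing `include()` attempts with `http://` or `ftp://` prefixes in the `rootagenda` parameter are the practical indicator that such a script is being probed.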

Short Description

phpMyAgenda contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to agenda2.php3 not properly sanitizing user input supplied to the 'rootagenda' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

References:

Vendor URL: http://phpmyagenda.com/
Vendor Specific News/Changelog Entry: http://sourceforge.net/forum/forum.php?forum_id=569237
Security Tracker: 1015984
Secunia Advisory ID: 19748
Related OSVDB ID: 29150
Related OSVDB ID: 29153
Related OSVDB ID: 29149
Related OSVDB ID: 24943
Related OSVDB ID: 29148
Other Advisory URL: http://osvdb.org/ref/29/2914x-phpmyagenda.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0503.html
ISS X-Force ID: 26062
Generic Exploit URL: http://downloads.securityfocus.com/vulnerabilities/exploits/phpMyAgenda_fi.txt
FrSIRT Advisory: ADV-2006-1509
CVE: CVE-2006-5132
Bugtraq ID: 17670