SPAW Editor PHP Arbitrary Code Execution

2003-12-18T06:07:18
ID OSVDB:3070
Type osvdb
Reporter OSVDB
Modified 2003-12-18T06:07:18

Description

Vulnerability Description

SPAW editor (PHP edition) contains a flaw that may allow a malicious user to execute arbitrary scripts located on the remote server. The issue is triggered when an attacker sends a specially crafted URL to a remote script specifying a malicious file located on the remote server. It is possible that the flaw may result in execution of any PHP scripts located on the remote server.

Solution Description

Upgrade to version 1.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Subsequent reports indicate that 1.0.4 does not fully address the vulnerability. Solmetra has been informed of different ways to exploit this issue despite the fixes added to 1.0.4.
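As an added illustration of the flaw class this advisory describes (example code, not SPAW's own; the parameter name `lang`, the `lang/` directory and the allowlist values are hypothetical), the insecure include pattern beside a hardened version:

```php
<?php
// Added example, not SPAW's code. "lang" and the "lang/" directory are
// hypothetical stand-ins for a script that picks an include file from a URL
// parameter. Note that turning off allow_url_fopen in php.ini blocks http://
// includes but not inclusion of files already on the server, which is the
// case this advisory describes.

// INSECURE PATTERN: the include path is built straight from the request, so
// any readable .php file on the server can be named (e.g. via "../") and run.
function load_lang_insecure(string $lang): void
{
    include 'lang/' . $lang . '.php';
}

// HARDENED PATTERN: the request value must match a fixed allowlist, and the
// resolved path is additionally required to sit inside the intended directory.
function load_lang_safe(string $lang): bool
{
    $allowed = ['en', 'de', 'fr'];          // only names the application ships
    if (!in_array($lang, $allowed, true)) {
        return false;                       // unknown value: refuse, never include
    }
    $base = realpath(__DIR__ . '/lang');
    if ($base === false) {
        return false;                       // directory missing: nothing to include
    }
    // realpath() collapses "../" and symlinks; the result must exist and must
    // start with "$base/" (defence in depth should the allowlist ever be relaxed).
    $path = realpath($base . '/' . $lang . '.php');
    if ($path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return false;
    }
    include $path;
    return true;
}

// Request handler: reject bad input outright instead of falling through.
$lang = $_GET['lang'] ?? 'en';
if (!load_lang_safe($lang)) {
    http_response_code(400);
    exit('invalid language');
}
```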


References:

Vendor Specific Solution URL: http://www.solmetra.com/en/disp.php/en_products/en_spaw/en_spaw_download
Vendor Specific Advisory URL:
Secunia Advisory ID: 10451
Keyword: Remote File Inclusion
ISS X-Force ID: 14031
Bugtraq ID: 9247