Study Planner (Studiewijzer) methodology/traditional/class/ali.class.php SPL_CFG[dirroot] Variable Remote File Inclusion

2007-03-22T09:08:30
ID OSVDB:35170
Type osvdb
Reporter M.Hasran Addahroni (eufrato@gmail.com)
Modified 2007-03-22T09:08:30

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

References:

Vendor URL: http://sourceforge.net/projects/splanner
Vendor URL: http://www.studiewijzer.nl/
Related OSVDB ID: 35168
Related OSVDB ID: 35174
Related OSVDB ID: 35169
Related OSVDB ID: 35175
Related OSVDB ID: 35166
Related OSVDB ID: 35172
Related OSVDB ID: 35173
Related OSVDB ID: 35176
Related OSVDB ID: 35177
Related OSVDB ID: 35167
Related OSVDB ID: 35171
Other Advisory URL: http://advisories.echo.or.id/adv/adv77-K-159-2007.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0301.html
Keyword: ECHO_ADV_77$2007
ISS X-Force ID: 33128
Generic Exploit URL: http://www.milw0rm.com/exploits/3532
FrSIRT Advisory: ADV-2007-1069
CVE-2007-1628
Bugtraq ID: 23076