Musoo modules/MusooTemplateLite.php GLOBALS[ini_array][EXTLIB_PATH] Variable Remote File Inclusion

ID OSVDB:37518
Type osvdb
Reporter OSVDB
Modified 2007-06-20T00:00:00


Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Solution Description

Upgrade to version 0.23 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes



Secunia Advisory ID:25751 Related OSVDB ID: 37517 Related OSVDB ID: 37519 Other Advisory URL: ISS X-Force ID: 34950 FrSIRT Advisory: ADV-2007-2266 CVE-2007-3297 Bugtraq ID: 24554