[PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities

2005-08-18T00:00:00
ID SECURITYVULNS:DOC:9513
Type securityvulns
Reporter Securityvulns
Modified 2005-08-18T00:00:00

Description

======================================================================== phpAdsNew / phpPgAds security advisory PHPADSNEW-SA-2005-001


Advisory ID: PHPADSNEW-SA-2005-001 Date: 2005-Aug-17 Security risk: highly critical Applications affetced: phpAdsNew, phpPgAds Versions affected: <= 2.0.5 Versions not affected: >= 2.0.6 ========================================================================

======================================================================== Vulnerability 1: arbitrary PHP code execution


Impact: system access Where: from remote ========================================================================

Description

Stefan Esser of the Hardened-PHP Project reported a serious vulnerablility in the third-party XML-RPC library included with phpAdsNew and phpPgAds. An attacker could execute arbitrary PHP code on a vulnerable site.

Solution

  • Upgrade to phpAdsNew or phpPgAds 2.0.6.

References

http://www.hardened-php.net/advisory_152005.67.html

======================================================================== Vulnerability 2: local file inclusion


Impact: system access Where: from remote ========================================================================

Description

Maksymilian Arciemowicz of the securityreason.com team reported a local file inclusion vulnerablility in phpAdsNew and phpPgAds, caused by missing sanitization of a GET variable.

Solution

  • Upgrade to phpAdsNew or phpPgAds 2.0.6.

References

[phpAdsNew 2.0.5 Local file inclusion cXIb8O3.16] http://www.securityreason.com/

======================================================================== Vulnerability 3: SQL injection


Impact: application admin access (+ potential system access) Where: from remote ========================================================================

Description

Pine Digital Security reported an SQL injection vulnerablility in phpAdsNew and phpPgAds, caused by missing sanitization of the clientid GET variable. The vulnerability seems to be exploitable with MySQL 4.1+ or PostgreSQL to obtain administrator access to the application. Depending on the database user permissions, an attacker could also gain access to the local filesystem.

Solution

  • Upgrade to phpAdsNew or phpPgAds 2.0.6.

References

http://www.pine.nl/

Contact informations

The security contact for phpAdsNew and phpPgAds can be reached at: <security AT phpadsnew DOT com>

Best regards

Matteo Beccati http://phpadsnew.com/ http://phppgads.com/