admin
06-03-2005, 01:06 PM
phpCMS
http://www.phpcms.de
06-03-2005
Description:
Bernhard Müller has reported a vulnerability in phpCMS, which can be exploited by malicious people to disclose sensitive information.
Input passed to the "language" parameter in "parser.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources.
The vulnerability has been reported in version 1.2.x prior to version 1.2.1pl2.
Solution:
Update to version 1.2.1pl2 or apply patch.
http://www.phpcms.de/download/index.en.html
http://www.phpcms.de
06-03-2005
Description:
Bernhard Müller has reported a vulnerability in phpCMS, which can be exploited by malicious people to disclose sensitive information.
Input passed to the "language" parameter in "parser.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources.
The vulnerability has been reported in version 1.2.x prior to version 1.2.1pl2.
Solution:
Update to version 1.2.1pl2 or apply patch.
http://www.phpcms.de/download/index.en.html