admin
07-09-2005, 01:22 AM
phpSecurePages
http://www.phpsecurepages.com
07-08-2005
http://secunia.com/product/445/
Description:
Status-x has discovered a vulnerability in phpSecurePages, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "cfgProgDir" parameter in "phpSecurePages/secure.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources.
This is related to:
SA7246 (http://secunia.com/SA7246/)
Successful exploitation requires that "register_globals" is enabled.
The vulnerability has been confirmed in version 0.28 beta. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly verified.
Provided and/or discovered by:
Status-x
Other References:
SA7246:
http://secunia.com/advisories/7246/
http://www.phpsecurepages.com
07-08-2005
http://secunia.com/product/445/
Description:
Status-x has discovered a vulnerability in phpSecurePages, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "cfgProgDir" parameter in "phpSecurePages/secure.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources.
This is related to:
SA7246 (http://secunia.com/SA7246/)
Successful exploitation requires that "register_globals" is enabled.
The vulnerability has been confirmed in version 0.28 beta. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly verified.
Provided and/or discovered by:
Status-x
Other References:
SA7246:
http://secunia.com/advisories/7246/