VID | 210034
Severity | 40
Port | 80, ...
Protocol | TCP
Class | CGI
Detailed Description |
Jinzora versions 2.0.1 and earlier are vulnerable to multiple remote file include vulnerabilities. Jinzora is a Web-based application, written in PHP, that is used to stream audio and video files. The vulnerabilities are caused by improper validation of user-supplied input passed to the 'include_path' parameter of several scripts. If register_globals is enabled, a remote attacker could send a specially crafted URL request to execute arbitrary PHP code and operating system commands on the affected host.
* References:
  * http://freshmeat.net/projects/jinzora/?branch_id=43140&release_id=204535
  * http://secunia.com/advisories/15952
* Platforms Affected: Jinzora versions 2.0.1 and earlier; any operating system, any version
Recommendation |
Update to the latest version of Jinzora (2.2 or later), available from the Jinzora Download Web site at http://www.jinzora.org/pages.php?pn=downloads |
Related URL | CVE-2005-2249 (CVE)
Related URL | 14188 (SecurityFocus)
Related URL | 23240 (ISS)
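A log check for the request pattern in the Detailed Description, as an added example (not part of the original record or of Jinzora): it flags access-log requests that set `include_path` in the query string. The log lines, hosts and the `SCRIPT.php` path are constructed placeholders, and treating any client-supplied `include_path` as suspicious is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in common log format; hosts and paths are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jul/2005:10:01:02 +0000] "GET /jinzora/index.php?page=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Jul/2005:10:01:05 +0000] "GET /jinzora/SCRIPT.php?include_path=http%3A%2F%2Fremote.example%2F HTTP/1.1" 200 312',
    '203.0.113.9 - - [12/Jul/2005:10:01:09 +0000] "GET /jinzora/SCRIPT.php?a=1&include_path=%2F%2Fremote.example%2Fx HTTP/1.0" 200 312',
    '198.51.100.4 - - [12/Jul/2005:10:02:00 +0000] "POST /jinzora/login.php HTTP/1.1" 302 0',
    '198.51.100.4 - - [12/Jul/2005:10:02:07 +0000] "GET /jinzora/SCRIPT.php?include_path=.%2F HTTP/1.1" 200 900',
    'garbage line that is not a request',
]

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value that points off-host: "scheme://..." or protocol-relative "//...".
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*:)?//', re.I)


def include_path_values(target):
    """Return the decoded values of every include_path query parameter."""
    query = urlsplit(target).query
    # PHP variable names are case-sensitive, so match the name exactly.
    return [v for k, v in parse_qsl(query, keep_blank_values=True)
            if k == "include_path"]


def scan(lines):
    """Return (line_no, client, kind, value) for each include_path seen."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        client, target = m.groups()
        for value in include_path_values(target):
            # Assumption: the application never expects this parameter from
            # a client, so even a local-looking value is worth reviewing.
            kind = "remote-url" if REMOTE_RE.search(value) else "client-set"
            findings.append((n, client, kind, value))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

With register_globals enabled, PHP also populates variables from POST bodies and cookies, which an access log does not record, so this check covers only values sent in the URL.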