VID | 210035
Severity | 40
Port | 80, ...
Protocol | TCP
Class | CGI
Detailed Description |
Jinzora is a Web-based application, written in PHP, used to stream audio and video files. Versions 2.7 and earlier are vulnerable to multiple remote file include vulnerabilities, caused by improper validation of user-supplied input passed to the 'include_path' parameter of several scripts. If register_globals is enabled, a remote attacker could send a specially crafted URL request to execute arbitrary PHP code and operating system commands on the affected host.
* References: http://milw0rm.com/exploits/3003
* Platforms Affected: Jinzora version 2.7 and earlier versions; any operating system, any version |
Recommendation |
No upgrade or patch was available as of January 2007.
Upgrade to a fixed version of Jinzora later than 2.7 when one becomes available from the Jinzora Download Web page at http://www.jinzora.org/pages.php?pn=downloads |
Related URL | CVE-2006-6770 (CVE)
Related URL | 21741 (SecurityFocus)
Related URL | 31086 (ISS)
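
Because the record lists no patch, one stop-gap is to review web server logs for requests that set 'include_path' to a remote location. The following is an added example, not part of the original advisory or of Jinzora; the access log format, script names, hosts and function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Request target inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Schemes and wrappers that make a PHP include fetch its file from off-box.
REMOTE_RE = re.compile(r"^\s*(?:https?|ftps?|php|data)\s*:", re.I)

def decode_fully(value, rounds=3):
    """Undo repeated URL-encoding so double-encoded values are still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_include_path(log_line):
    """Return the remote include_path value in a log line, or None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    query = m.group(1).partition("?")[2]
    for name, value in parse_qsl(query, keep_blank_values=True):
        # PHP variable names are case-sensitive, so match the name exactly.
        if name == "include_path":
            value = decode_fully(value)
            if REMOTE_RE.match(value):
                return value
    return None

def scan(lines):
    """Return (line_number, value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_include_path(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log; hosts, paths and script names are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Jan/2007:10:00:01 +0000] "GET /jinzora/index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [02/Jan/2007:10:00:07 +0000] "GET /jinzora/example.php?include_path=http://files.example.net/x.txt HTTP/1.1" 200 312',
    '192.0.2.44 - - [02/Jan/2007:10:00:09 +0000] "GET /jinzora/example.php?include_path=ftp%253A%252F%252Ffiles.example.net%252Fx.txt HTTP/1.1" 200 312',
    '192.0.2.10 - - [02/Jan/2007:10:00:12 +0000] "GET /jinzora/example.php?include_path=lib/ HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: remote include_path -> {value}")
```

Access logs record only the query string; with register_globals enabled the same variable can also arrive in a POST body or cookie, which this check does not see.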