VID 210066
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The PBLang BBS software is vulnerable to a local file include vulnerability in the login.php script. PBLang is a freely available bulletin board system written in PHP. PBLang version 4.67.16.a and earlier versions are affected because login.php does not properly validate user-supplied input passed to the 'lang' parameter. If PHP's 'magic_quotes_gpc' setting is disabled, a remote attacker could send a specially crafted request to the login.php script containing "dot dot" sequences (/../) in the lang parameter to view arbitrary files on the system or execute arbitrary local PHP files with the privileges of the Web server.

* References:
http://www.milw0rm.com/exploits/4036
http://www.frsirt.com/english/advisories/2007/2093
http://secunia.com/advisories/25572

* Platforms Affected:
Dr. Martinus, PBLang version 4.67.16.a and earlier versions
Any operating system Any version
Recommendation No upgrade or patch available as of June 2014.

Upgrade to a version of PBLang greater than 4.67.16.a when a fixed version becomes available from the SourceForge.net Web site at http://sourceforge.net/projects/pblang/
Related URL CVE-2007-3096 (CVE)
Related URL 24340 (SecurityFocus)
Related URL 34751 (ISS)
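
With no fixed version listed, a log review is one way to spot requests matching the description above: the added example below (not part of the original advisory or of PBLang) flags access-log lines where login.php receives a 'lang' value containing a ".." path segment. It assumes common/combined-format access logs; the sample lines, paths and addresses are constructed, and a 'lang' value sent in a POST body would not appear in such logs.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A ".." path segment bounded by a slash, backslash, or either end of the value.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def lang_values(target):
    """Return decoded 'lang' query values if the request targets login.php."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/login.php"):
        return []
    # parse_qsl percent-decodes once, which matches what PHP hands the script.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return [value for key, value in pairs if key == "lang"]


def is_suspicious(line):
    """True when the logged request passes a traversal sequence in 'lang'."""
    match = REQUEST.search(line)
    if not match:
        return False
    return any(TRAVERSAL.search(v) for v in lang_values(match.group(1)))


def suspicious_lines(lines):
    return [line for line in lines if is_suspicious(line)]


# Constructed sample log lines (documentation address ranges, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /pblang/login.php?lang=en HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /pblang/login.php?lang=../../placeholder HTTP/1.1" 200 1024',
    '203.0.113.5 - - [01/Jan/2024:10:00:06 +0000] '
    '"GET /pblang/login.php?lang=%2e%2e%2f%2e%2e%2fplaceholder HTTP/1.1" 200 1024',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /pblang/login.php?lang=en..gb HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in suspicious_lines(SAMPLE_LOG):
        print(hit)
```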