VID 21264
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description Some PHP scripts in myPHPNuke are vulnerable to a code injection attack.
myPHPNuke is a freely available PHP-based content management system. myPHPNuke version 1.8.8_7 could allow a remote attacker to include malicious PHP files, caused by improper filtering of user-supplied input. An attacker could install malicious PHP files on a hostile server and then use them to execute arbitrary code on the vulnerable system.
A remote attacker could send a specially-crafted URL request to the 'gallery/displayCategory.php' or 'mailattach.php' script that specifies a malicious PHP file on a remote system as a parameter, which could allow the attacker to execute arbitrary code on the affected system.

* References:
http://www.securityfocus.com/archive/1/337085
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0101.html

* Platforms Affected:
Linux Any version
Unix Any version
Windows Any version
myPHPNuke 1.8.8_7
Recommendation No upgrade or patch available as of June 2014.

As a workaround, modify the source code of each affected script, as suggested by the phpSecure.org Web site at http://www.phpsecure.info .

In gallery/displayCategory.php, add the following lines before all other lines:
-------------------------------------------------------------------
if (isset($_REQUEST["basepath"]) OR isset($_REQUEST["adminpath"])){
die("Patched.");
}
-------------------------------------------------------------------

And in mailattach.php, add just after the lines:
-------------------------------------------------------------------
[...]
<?
OpenTable();
global $attachmentdir;
[...]
-------------------------------------------------------------------

the lines:

-------------------------------------------------------------------
if (isset($_REQUEST["attach1_type"]) OR isset($_REQUEST["attach1_name"])
OR ereg("/",$attach1) OR ereg("\.\.",$attach1) OR ereg(".php",$attach1_name)
){
die("Patched.");
}
-------------------------------------------------------------------
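
For sites that cannot patch immediately, the same conditions can be checked in web server access logs. The following is an added example, not part of the original advisory or the phpSecure workaround: it flags requests to the two affected scripts whose query string sets the parameters the workaround rejects. The log lines, addresses, parameter values and the `catid` parameter are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (common log format); addresses, parameter
# values and the "catid" parameter are made up for this example.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2014:10:00:00 +0000] "GET /gallery/displayCategory.php?basepath=CONSTRUCTED HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jun/2014:10:00:05 +0000] "GET /gallery/displayCategory.php?catid=3 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jun/2014:10:00:09 +0000] "GET /mailattach.php?attach1=..%2FCONSTRUCTED HTTP/1.1" 200 300',
    '192.0.2.13 - - [01/Jun/2014:10:00:12 +0000] "GET /mailattach.php?attach1_name=CONSTRUCTED.txt HTTP/1.1" 200 300',
    '192.0.2.14 - - [01/Jun/2014:10:00:20 +0000] "GET /index.php?basepath=CONSTRUCTED HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')

def check_request(target):
    """Return a reason string if the request would trip the workaround, else None."""
    parts = urlsplit(target)
    # parse_qs percent-decodes values, so %2F is seen as "/".
    params = parse_qs(parts.query, keep_blank_values=True)
    path = parts.path.lower()
    if path.endswith("/gallery/displaycategory.php"):
        hits = [p for p in ("basepath", "adminpath") if p in params]
        if hits:
            return "displayCategory.php: " + ", ".join(hits) + " set by client"
    elif path.endswith("/mailattach.php"):
        hits = [p for p in ("attach1_type", "attach1_name") if p in params]
        if hits:
            return "mailattach.php: " + ", ".join(hits) + " set by client"
        if any("/" in v or ".." in v for v in params.get("attach1", [])):
            return "mailattach.php: attach1 contains a path component"
    return None

def scan(lines):
    """Return (line_number, reason) for each log line that matches."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        reason = check_request(match.group(1)) if match else None
        if reason:
            findings.append((number, reason))
    return findings

if __name__ == "__main__":
    for number, reason in scan(SAMPLE_LOG):
        print(f"line {number}: {reason}")
```

The workaround tests `$_REQUEST`, which also covers POST bodies and cookies; access logs normally record only the query string, so this check sees a subset of what the patched scripts reject.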
Related URL (CVE)
Related URL (SecurityFocus)
Related URL 13164 (ISS)