| Field | Value |
| --- | --- |
| VID | 21657 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | PHPNews is vulnerable to a remote PHP file include vulnerability in the 'auth.php' script. PHPNews is an open source news content manager written in PHP. PHPNews version 1.2.4 and earlier versions could allow a remote attacker to include malicious PHP files, caused by improper validation of user-supplied input in the auth.php script. The vulnerability can be exploited if register_globals and allow_url_fopen are set to 'on'. A remote attacker can send a specially-crafted URL request to execute arbitrary PHP code and operating system commands on the target system. |
| References | http://www.securitytracker.com/alerts/2005/Mar/1013345.html |
| Platforms Affected | SourceForge.net, PHPNews version 1.2.4 and earlier versions; any operating system; any version |
| Recommendation | Upgrade to the latest version of PHPNews (1.2.5 or later), available from the SourceForge.net Web Download page at http://newsphp.sourceforge.net/downloads.php -- OR -- Make sure that PHP's 'register_globals' and 'allow_url_fopen' settings are disabled. |
| Related URL | CVE-2005-0632 (CVE) |
| Related URL | 12696 (SecurityFocus) |
| Related URL | 19582 (ISS) |
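As an added illustration (not code from PHPNews or from this advisory), the include pattern the description refers to, next to a hardened form that fails closed when either risky setting is enabled and resolves the requested page through a fixed allowlist; the parameter name `page`, the file names and the `pages/` directory are assumptions.

```php
<?php
// Added example, not PHPNews code. The pattern the advisory describes:
// with register_globals=On a request parameter silently becomes $page,
// and with allow_url_fopen=On include() will fetch a remote URL, so
//
//   include($page . '.php');   // $page taken straight from the request
//
// lets the request decide which file (local or remote) gets executed.
// Hardened form: refuse to run under the two settings the advisory
// names, and never build an include path from untrusted input.

// Fail closed if either dangerous setting is enabled (hypothetical guard).
// ini_get() returns false for a directive the PHP build does not know,
// which filter_var() maps to false, so this also works on newer PHP.
if (filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN) ||
    filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN)) {
    http_response_code(500);
    exit('Server misconfiguration: register_globals and allow_url_fopen must be Off');
}

// Allowlist: request value -> fixed local path (file names are assumptions).
$allowed = [
    'login'  => __DIR__ . '/pages/login.php',
    'logout' => __DIR__ . '/pages/logout.php',
];

// Read the parameter explicitly instead of relying on register_globals.
$page = filter_input(INPUT_GET, 'page') ?? 'login';

if (!array_key_exists($page, $allowed)) {
    http_response_code(400);
    exit('Unknown page');
}

// The included path comes from the allowlist, not from the request.
require $allowed[$page];
```

The runtime guard complements, not replaces, setting `register_globals = Off` and `allow_url_fopen = Off` in php.ini as the recommendation states.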