VID |
21725 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
The phpAdsNew/phpPgAds program appears to be affected by multiple vulnerabilities. phpPgAds and phpAdsNew are banner management and tracking systems written in PHP that use PostgreSQL as a database backend. Versions of phpPgAds and phpAdsNew prior to 2.0.6 contain multiple vulnerabilities that a remote attacker can exploit to conduct arbitrary PHP code execution, SQL injection and local file inclusion attacks:
1) Remote PHP code injection vulnerability in the 'adxmlrpc.php' script
2) SQL injection vulnerability in the 'libraries/lib-view-direct.inc.php' script
3) Multiple local file inclusion vulnerabilities in the 'adlayer.php' script and the 'admin/js-form.php' script.
* References:
http://www.securityfocus.com/archive/1/408423/30/120/threaded
http://secunia.com/advisories/16468/
http://secunia.com/advisories/16469/
* Platforms Affected:
SourceForge.net, phpPgAds versions prior to 2.0.6
SourceForge.net, phpAdsNew versions prior to 2.0.6
Any operating system Any version |
Recommendation |
Upgrade to the latest version of phpPgAds or phpAdsNew (2.0.6 or later), available from the following SourceForge.net Web sites:
For phpPgAds: http://prdownloads.sourceforge.net/phppgads
For phpAdsNew: http://prdownloads.sourceforge.net/phpadsnew |
Related URL |
CVE-2005-2498,CVE-2005-2635,CVE-2005-2636 (CVE) |
Related URL |
14560,14583,14588,14584,14591 (SecurityFocus) |
Related URL |
21842,21875,21877,21879,21880 (ISS) |
|