VID 21770
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description phpAdsNew is vulnerable to PHP code execution through its bundled XML-RPC library. phpAdsNew is an open-source ad server with an integrated banner management interface and a tracking system that allows users to gather statistics; XML-RPC is an open-source library for PHP. phpAdsNew versions prior to 2.0.5 and PEAR XML-RPC versions prior to 1.3.1 could allow a remote attacker to execute arbitrary PHP code on a target system.

* References:
http://www.gulftech.org/?node=research&article_id=00087-07012005
http://phpadsnew.com/two/nucleus/index.php?itemid=45

* Platforms Affected:
SourceForge.net, phpAdsNew versions prior to 2.0.5
PEAR XML_RPC versions prior to 1.3.1
Any operating system, any version
Recommendation Upgrade to the latest version of phpAdsNew (2.0.5 or later), available from the SourceForge.net Web site at http://prdownloads.sourceforge.net/phpadsnew
Related URL CVE-2005-1921 (CVE)
Related URL 14088 (SecurityFocus)
Related URL 21194 (ISS)