VID |
21902 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
phpwcms is a freely available Content Management System (CMS) written in PHP. Versions 1.2.5 and earlier contain multiple vulnerabilities that could allow a remote attacker to read arbitrary files and potentially to execute arbitrary PHP code on the affected host via directory traversal sequences and a NULL (%00) character in the form_lang parameter of the login.php script and the imgdir parameter of the random_image.php script. In addition, the installed version might be vulnerable to cross-site scripting attacks.
* References:
  http://www.securityfocus.com/archive/1/416675
  http://secunia.com/advisories/17590/
  http://www.frsirt.com/english/advisories/2005/2452
  http://www.frsirt.com/english/reference/859
* Platforms Affected:
  phpwcms version 1.2.5 and earlier versions
  Any operating system, any version |
Recommendation |
Upgrade to the latest version of phpwcms (1.2.6 or later), available from the SourceForge.net Download Web site at http://sourceforge.net/project/showfiles.php?group_id=94396 |
Related URL |
CVE-2005-3789 (CVE) |
Related URL |
15436 (SecurityFocus) |
Related URL |
(ISS) |