PHProjekt Remote File Include Vulnerability
BID:12116
Info
PHProjekt Remote File Include Vulnerability
| Bugtraq ID: | 12116 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 28 2004 12:00AM |
| Updated: | Dec 28 2004 12:00AM |
| Credit: | Discovery is credited to cYon. |
| Vulnerable: |
PHProjekt PHProjekt 4.2.2 PHProjekt PHProjekt 4.2.1 PHProjekt PHProjekt 4.2 PHProjekt PHProjekt 3.2 a PHProjekt PHProjekt 3.2 PHProjekt PHProjekt 3.1 a PHProjekt PHProjekt 3.1 PHProjekt PHProjekt 3.0 |
| Not Vulnerable: |
PHProjekt PHProjekt 4.2.3 |
Discussion
PHProjekt Remote File Include Vulnerability
A remote file include vulnerability affects PHProjekt. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it in a PHP 'include()' function call.
An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This will facilitate unauthorized access.
A remote file include vulnerability affects PHProjekt. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it in a PHP 'include()' function call.
An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This will facilitate unauthorized access.
Exploit / POC
PHProjekt Remote File Include Vulnerability
No exploit is required to leverage this issue.
No exploit is required to leverage this issue.
Solution / Fix
PHProjekt Remote File Include Vulnerability
Solution:
Gentoo has released advisory GLSA 200412-27 to provide fixes for this issue. Fixes may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=www-apps/phprojekt-4.2-r2"
The vendor has released an upgrade dealing with this issue.
PHProjekt PHProjekt 3.0
PHProjekt PHProjekt 3.1
PHProjekt PHProjekt 3.1 a
PHProjekt PHProjekt 3.2 a
PHProjekt PHProjekt 3.2
PHProjekt PHProjekt 4.2
PHProjekt PHProjekt 4.2.1
PHProjekt PHProjekt 4.2.2
Solution:
Gentoo has released advisory GLSA 200412-27 to provide fixes for this issue. Fixes may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=www-apps/phprojekt-4.2-r2"
The vendor has released an upgrade dealing with this issue.
PHProjekt PHProjekt 3.0
-
PHProjekt lib.zip
http://www.phprojekt.com/files/4.2/lib.zip
PHProjekt PHProjekt 3.1
-
PHProjekt lib.zip
http://www.phprojekt.com/files/4.2/lib.zip
PHProjekt PHProjekt 3.1 a
-
PHProjekt lib.zip
http://www.phprojekt.com/files/4.2/lib.zip
PHProjekt PHProjekt 3.2 a
-
PHProjekt lib.zip
http://www.phprojekt.com/files/4.2/lib.zip
PHProjekt PHProjekt 3.2
-
PHProjekt lib.zip
http://www.phprojekt.com/files/4.2/lib.zip
PHProjekt PHProjekt 4.2
-
PHProjekt lib.zip
http://www.phprojekt.com/files/4.2/lib.zip
PHProjekt PHProjekt 4.2.1
-
PHProjekt lib.zip
http://www.phprojekt.com/files/4.2/lib.zip
PHProjekt PHProjekt 4.2.2
-
PHProjekt lib.zip
http://www.phprojekt.com/files/4.2/lib.zip
References
PHProjekt Remote File Include Vulnerability
References:
References:
- PHProjekt - security fix for login routine (PHProjekt Team)
- PHProjekt Homepage (PHProjekt Team)