SocialMPN Module Arbitrary Remote PHP File Include Vulnerability

Bugtraq ID:	12774
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 10 2005 12:00AM
Updated:	Mar 10 2005 12:00AM
Credit:	Discovery of this vulnerability is credited to echo staff <[email protected]>.
Vulnerable:	SocialMPN SocialMPN 1.2.5 SocialMPN SocialMPN 1.2.4 SocialMPN SocialMPN 1.2.3 SocialMPN SocialMPN 1.2.2 SocialMPN SocialMPN 1.2.1
Not Vulnerable:	SocialMPN SocialMPN 1.2.6

SocialMPN Module Arbitrary Remote PHP File Include Vulnerability

SocialMPN is affected by a remote PHP file include vulnerability. This issue is due to a failure in the aplication to properly validate user-supplied input.

This vulnerability affects SocialMPN versions prior to 1.2.6.

SocialMPN Module Arbitrary Remote PHP File Include Vulnerability

No exploit is required.

The following exploit can be used to test for this vulnerability:

• /data/vulnerabilities/exploits/socialmpn_exploit.pl

SocialMPN Module Arbitrary Remote PHP File Include Vulnerability

Solution:
The vendor has addressed this issue in SocialMPN version 1.2.6.


SocialMPN SocialMPN 1.2.1

• SocialMPN SocialMPN 1.2.6
  http://socialmpn.com/download.php?op=getit&lid=20

SocialMPN SocialMPN 1.2.2

• SocialMPN SocialMPN 1.2.6
  http://socialmpn.com/download.php?op=getit&lid=20

SocialMPN SocialMPN 1.2.3

• SocialMPN SocialMPN 1.2.6
  http://socialmpn.com/download.php?op=getit&lid=20

SocialMPN SocialMPN 1.2.4

• SocialMPN SocialMPN 1.2.6
  http://socialmpn.com/download.php?op=getit&lid=20

SocialMPN SocialMPN 1.2.5

• SocialMPN SocialMPN 1.2.6
  http://socialmpn.com/download.php?op=getit&lid=20

SocialMPN Module Arbitrary Remote PHP File Include Vulnerability

References:

• SocialMpn Homepage (SocialMPN)
  
• Remote Testing SocialMPN Remote File Inclusion by y3dips ([email protected])