EncapsBB File Include Vulnerability
BID:12933
Info
| Bugtraq ID: | 12933 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2005 12:00AM |
| Updated: | Mar 29 2005 12:00AM |
| Credit: | Frank "brOmstar" Reissner is credited with the discovery of this issue. |
| Vulnerable: | EncapsBB 0.3.2_fixed |
| Not Vulnerable: | |
Discussion
EncapsBB is reported prone to a file include vulnerability.
The problem presents itself specifically when an attacker passes the location of a remote or local script through the 'index_header.php' script.
An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
EncapsBB version 0.3.2_fixed is reported prone to this issue. Other versions may be affected as well.
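A detection sketch for the behaviour described above, added here as an example and not part of the original advisory: it flags access-log requests to 'index_header.php' whose parameter values look like a remote URL or a local file path. The parameter name `PARAM`, the `/forum/` path and the log lines are constructed, since the advisory names only the script.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

TARGET_SCRIPT = "index_header.php"  # script named in the advisory

# A value starting with "scheme://" points at a remote location.
REMOTE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)
# Traversal sequences, absolute paths, drive letters or a NUL byte point at a local file.
LOCAL = re.compile(r"(?:^|[\\/])\.\.[\\/]|^[\\/]|^[a-z]:[\\/]|\x00", re.I)
# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(value):
    """Return 'remote', 'local' or None for one parameter value."""
    for _ in range(3):  # bounded re-decoding catches double-encoded values
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    if REMOTE.search(value):
        return "remote"
    if LOCAL.search(value):
        return "local"
    return None

def scan(lines):
    """Return (line number, parameter, kind) for each suspicious request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/" + TARGET_SCRIPT):
            continue  # only the script from the advisory is of interest
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            kind = classify(value)
            if kind:
                findings.append((number, name, kind))
    return findings

# Constructed sample log lines (documentation addresses, placeholder parameter).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Mar/2005:10:00:01 +0000] "GET /forum/index_header.php?PARAM=http://example.invalid/x.txt HTTP/1.1" 200 512',
    '192.0.2.11 - - [29/Mar/2005:10:00:02 +0000] "GET /forum/index_header.php?PARAM=..%252f..%252fconfig.inc HTTP/1.1" 200 300',
    '192.0.2.12 - - [29/Mar/2005:10:00:03 +0000] "GET /forum/index_header.php?PARAM=default HTTP/1.1" 200 900',
    '192.0.2.13 - - [29/Mar/2005:10:00:04 +0000] "GET /forum/index.php?PARAM=http://example.invalid/ HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
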
Exploit / POC
An exploit is not required.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].