PAJAX Multiple Arbitrary PHP Code Execution Vulnerabilities
BID:17519
Info
| Bugtraq ID: | 17519 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-1551 CVE-2006-1789 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 14 2006 12:00AM |
| Updated: | May 16 2006 10:34PM |
| Credit: | These issues were discovered by RedTeam. |
| Vulnerable: | PAJAX PAJAX 0.5.1 |
| Not Vulnerable: | PAJAX PAJAX 0.5.2 |
Discussion
PAJAX is reported prone to multiple remote code-execution vulnerabilities. These issues may allow an attacker to gain unauthorized access to a vulnerable computer by executing arbitrary PHP code.
PAJAX version 0.5.1 is affected by these issues. Prior versions may be affected as well.
Exploit / POC
An exploit is not required.
Proof of concept is available.
Solution / Fix
Solution:
The vendor has released version 0.5.2 to address these issues.
PAJAX PAJAX 0.5.1
- PAJAX pajax-0.5.2.zip: http://download.auberger.com/pajax-0.5.2.zip
References
References:
- AJAX Remote Code Injection and File Inclusion Vulnerability (RedTeam)
- PAJAX (PAJAX)