BID:17521

PHPWebSite Config.PHP File Include Vulnerability

Info

PHPWebSite Config.PHP File Include Vulnerability

Bugtraq ID:	17521
Class:	Input Validation Error
CVE:	CVE-2006-1819
Remote:	Yes
Local:	No
Published:	Apr 14 2006 12:00AM
Updated:	May 03 2006 09:20PM
Credit:	rgod is credited with the discovery of this vulnerability.
Vulnerable:	phpWebsite phpWebsite 0.10.2 phpWebsite phpWebsite 0.10.1 + Gentoo Linux phpWebsite phpWebsite 0.10 Gentoo Linux

Not Vulnerable:

Discussion

PHPWebSite Config.PHP File Include Vulnerability

PHPWebSite is prone to a remote and local file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary remote and local PHP code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

Versions 0.10.2 and prior are affected.

Exploit / POC

PHPWebSite Config.PHP File Include Vulnerability

No exploit is required.

The following proof of concept is available:

/data/vulnerabilities/exploits/PHPWebSite_fi_poc

Solution / Fix

PHPWebSite Config.PHP File Include Vulnerability

Solution:

Currently we are not aware of any official vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]

Please see the referenced third-party vendor advisories for details on obtaining appropriate updates.

References

PHPWebSite Config.PHP File Include Vulnerability

References:

phpWebsite Homepage (phpWebsite)