StatIt Visible_count_inc.PHP Remote File Include Vulnerability

Bugtraq ID:	17887
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 08 2006 12:00AM
Updated:	May 09 2006 08:54PM
Credit:	IGNOR3 is credited with the discovery of this vulnerability.
Vulnerable:	otterware StatIt 4.0
Not Vulnerable:	otterware StatIt 4.0.60504

StatIt Visible_count_inc.PHP Remote File Include Vulnerability

StatIt is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

StatIt Visible_count_inc.PHP Remote File Include Vulnerability

This issue can be exploited through a web client.

The following exploit is available:

• /data/vulnerabilities/exploits/StatIt-v4-0508-rfi.pl

StatIt Visible_count_inc.PHP Remote File Include Vulnerability

Solution:
The vendor has released an updated version to address this issue.


otterware StatIt 4.0

• otterware statit4_060504.tar.gz
  http://otterware.net/index.php?dl=42

StatIt Visible_count_inc.PHP Remote File Include Vulnerability

References:

• StatIt Download (otterware)