PHPWCMS Spaw_Control.Class.PHP Local File Include Vulnerability
BID:18062
CVE-2006-2519 |Info
PHPWCMS Spaw_Control.Class.PHP Local File Include Vulnerability
| Bugtraq ID: | 18062 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 22 2006 12:00AM |
| Updated: | May 23 2006 08:28PM |
| Credit: | trueend5 is credited with the discovery of this vulnerability. |
| Vulnerable: |
phpwcms phpwcms 1.2.5 -DEV |
| Not Vulnerable: | |
Discussion
PHPWCMS Spaw_Control.Class.PHP Local File Include Vulnerability
The phpwcms application is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts.
An attacker may also be able to execute arbitrary code by way of uploaded images.
Version 1.2.5-DEV is affected; earlier versions may also be vulnerable.
The phpwcms application is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts.
An attacker may also be able to execute arbitrary code by way of uploaded images.
Version 1.2.5-DEV is affected; earlier versions may also be vulnerable.
Exploit / POC
PHPWCMS Spaw_Control.Class.PHP Local File Include Vulnerability
This issue can be exploited through a web client.
This issue can be exploited through a web client.
Solution / Fix
PHPWCMS Spaw_Control.Class.PHP Local File Include Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
PHPWCMS Spaw_Control.Class.PHP Local File Include Vulnerability
References:
References:
- [KAPDA::#43] - phpwcms multiple vulnerabilities (KAPDA)
- PHPWCMS Web Site (PHPWCMS)
- [KAPDA::#43] - phpwcms multiple vulnerabilities (alireza hassani)