phpGroupWare Remote Include File Vulnerability
BID:2069
Info
| Bugtraq ID: | 2069 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 06 2000 12:00AM |
| Updated: | Dec 06 2000 12:00AM |
| Credit: | This vulnerability was announced in Secure Reality Pty Ltd. Security Advisory #6 on December 6, 2000. |
| Vulnerable: | Joseph Engo phpGroupWare 0.9.6 |
| Not Vulnerable: | |
Discussion
phpGroupWare is a multi-user groupware suite originally developed by Joseph Engo, and freely distributed. A problem in the software could allow users to remotely execute malicious code.
The problem occurs in the use of the PHP include() function. Due to a design flaw in the phpgw.inc.php include file, the variables it relies on can be supplied through a FORM method, causing the software to seek an include file outside of the local system. Insufficient access control makes it possible for a malicious user to generate a custom-crafted request to the web server, which could result in the execution of code with the UID and GID of the httpd process.
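The hardened counterpart of the include pattern described above, as an added example that is not phpGroupWare's code: the include root is fixed by the caller rather than taken from request data, and only allowlisted file names that resolve inside that root are loaded. The names resolve_include and ALLOWED_INCLUDES, the file names and the demo directory are hypothetical.

```php
<?php
// Added illustration; every name here is hypothetical, not taken from phpGroupWare.
//
// Pattern of the kind the advisory describes (shown for contrast, not executed):
//   include($include_root . '/functions.inc.php');
// When $include_root can be populated from form data, the path is attacker-chosen.

// Constructed allowlist: the only files this application ever includes.
const ALLOWED_INCLUDES = ['functions.inc.php', 'session.inc.php'];

function resolve_include(string $name, string $root): string
{
    // 1. Accept only exact names from the allowlist (no URLs, no path segments).
    if (!in_array($name, ALLOWED_INCLUDES, true)) {
        throw new InvalidArgumentException('include not on allowlist');
    }
    // 2. Canonicalise both paths and confirm the file really lives under the root
    //    (defence in depth against symlinks or a misconfigured root).
    $rootReal = realpath($root);
    $pathReal = realpath($root . DIRECTORY_SEPARATOR . $name);
    if ($rootReal === false || $pathReal === false) {
        throw new RuntimeException('include file not found');
    }
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($pathReal, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('include resolves outside the root');
    }
    return $pathReal;
}

// Demo with a constructed include directory and constructed inputs.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'incdemo_' . getmypid();
mkdir($root);
file_put_contents($root . '/functions.inc.php', "<?php return 'loaded';");

$candidates = ['functions.inc.php', 'http://example.invalid/functions.inc.php', '../outside.inc.php'];
foreach ($candidates as $candidate) {
    try {
        $result = include resolve_include($candidate, $root);
        echo $candidate, ' => ', $result, PHP_EOL;
    } catch (Exception $e) {
        echo $candidate, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}

unlink($root . '/functions.inc.php');
rmdir($root);
```

On current PHP versions, keeping `allow_url_include` disabled in php.ini additionally stops include() from accepting URLs at all.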
Exploit / POC
Currently the SecurityFocus staff are not aware of any publicly available exploits for this vulnerability. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].