PHP Easy Download Remote Code Execution Vulnerability
BID:21179
Info
| Bugtraq ID: | 21179 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 07 2006 12:00AM |
| Updated: | Oct 21 2008 01:56AM |
| Credit: | nuffsaid is credited with discovering this vulnerability. |
| Vulnerable: | PHP Easy Download PHP Easy Download 1.5 |
| Not Vulnerable: | |
Discussion
PHP Easy Download is prone to an arbitrary remote code-execution vulnerability because the application fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary PHP code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
Exploit / POC
An exploit is not required.
The following exploit code is available:
Solution / Fix
Solution:
In later versions of the application, the vendor's documentation advises restricting access to the admin directory through the use of .htaccess files or an equivalent mechanism. Contact the vendor for more information.
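A deployment check for the mitigation above, as an added example that is not part of the original advisory or the vendor's code: it inspects the admin directory's .htaccess and reports whether any directive actually restricts access. The directory name `admin`, the function names and the sample files are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Directives that restrict access: Apache 2.4 "Require ..." (except
# "Require all granted") and the legacy 2.2-style "Deny from all".
RESTRICT = re.compile(r"^\s*(Require\s+(?!all\s+granted\b)\S|Deny\s+from\s+all\b)", re.I)
# Directives treated (conservatively) as re-opening the directory to everyone.
OPEN = re.compile(r"^\s*(Require\s+all\s+granted\b|Satisfy\s+any\b)", re.I)


def audit_admin_dir(webroot, admin_name="admin"):
    """Return 'restricted', 'open' or 'missing' for <webroot>/<admin_name>/.htaccess.

    admin_name is an assumed directory name; adjust it to the real install.
    """
    htaccess = Path(webroot) / admin_name / ".htaccess"
    if not htaccess.is_file():
        return "missing"
    restricts = opens = False
    for line in htaccess.read_text(errors="replace").splitlines():
        if line.lstrip().startswith("#"):
            continue  # a commented-out directive protects nothing
        restricts = restricts or bool(RESTRICT.match(line))
        opens = opens or bool(OPEN.match(line))
    return "restricted" if restricts and not opens else "open"


def demo():
    """Build three constructed web roots and audit each one."""
    samples = {
        "no_file": None,
        "commented_out": "# Require valid-user\nOptions -Indexes\n",
        "basic_auth": 'AuthType Basic\nAuthName "Admin"\n'
                      "AuthUserFile /etc/apache2/.htpasswd\nRequire valid-user\n",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            admin = Path(tmp) / name / "admin"
            admin.mkdir(parents=True)
            if body is not None:
                (admin / ".htaccess").write_text(body)
            results[name] = audit_admin_dir(Path(tmp) / name)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

This is a static check of the file only: a .htaccess takes effect only when the server's `AllowOverride` setting permits its directives, so a "restricted" verdict should be confirmed with an unauthenticated request to the admin directory.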
References
References:
- PHP Easy Download Homepage (Ironclad Computer Services)