Puntal Installation Scripts GLOBALS Remote File Include Vulnerability
BID:21357
Info
Puntal Installation Scripts GLOBALS Remote File Include Vulnerability
| Bugtraq ID: | 21357 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 30 2006 12:00AM |
| Updated: | Nov 30 2006 06:54PM |
| Credit: | Vendor is credited with the discovery of this vulnerability. |
| Vulnerable: |
Puntal Puntal 1.8.4 Puntal Puntal 1.8.3 Puntal Puntal 1.8.2 |
| Not Vulnerable: |
Puntal Puntal 1.8.5 |
Discussion
Puntal Installation Scripts GLOBALS Remote File Include Vulnerability
Puntal installation scripts are prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include arbitrary files with privileges of the webserver.
Puntal versions prior to 1.8.5 are vulnerable to this issue.
Puntal installation scripts are prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include arbitrary files with privileges of the webserver.
Puntal versions prior to 1.8.5 are vulnerable to this issue.
Exploit / POC
Puntal Installation Scripts GLOBALS Remote File Include Vulnerability
Attackers can exploit this issue via a web client.
Attackers can exploit this issue via a web client.
Solution / Fix
Puntal Installation Scripts GLOBALS Remote File Include Vulnerability
Solution:
The vendor has released an update to address this issue.
Upgrade to Puntal version 1.8.5:
http://sourceforge.net/projects/puntal/http://sourceforge.net/projects/puntal/
Solution:
The vendor has released an update to address this issue.
Upgrade to Puntal version 1.8.5:
http://sourceforge.net/projects/puntal/http://sourceforge.net/projects/puntal/
References
Puntal Installation Scripts GLOBALS Remote File Include Vulnerability
References:
References:
- Vendor Home Page (Puntal )