Ciberia Content Federator Maquetacion_Socio.PHP Remote File Include Vulnerability

Bugtraq ID:	21757
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 26 2006 12:00AM
Updated:	Jan 02 2007 10:36PM
Credit:	Dr.Pantagon and Dr.Trojan are credited with the discovery of this vulnerability.
Vulnerable:	Ciberia Ciberia Content Federator 1.0
Not Vulnerable:

Ciberia Content Federator Maquetacion_Socio.PHP Remote File Include Vulnerability

Ciberia Content Federator is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process.

Version 1.0 is vulnerable to this issue.

Ciberia Content Federator Maquetacion_Socio.PHP Remote File Include Vulnerability

An attacker can exploit this issue via a web client.

Sample exploit code is available:

• /data/vulnerabilities/exploits/21757.pl

Ciberia Content Federator Maquetacion_Socio.PHP Remote File Include Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

Ciberia Content Federator Maquetacion_Socio.PHP Remote File Include Vulnerability

References:

• Ciberia Content Federator Web Site (Ciberia)