Aztek Forum Multiple Input Validation Vulnerabilities
BID:22239
Info
Aztek Forum Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 22239 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 25 2007 12:00AM |
| Updated: | Jan 26 2007 06:19PM |
| Credit: | Darkfig is credited with the discovery of this vulnerability. |
| Vulnerable: |
Aztek Forum Aztek Forum 4.0 |
| Not Vulnerable: | |
Discussion
Aztek Forum Multiple Input Validation Vulnerabilities
Aztek Forum is prone to multiple input-validation vulnerabilities, including multiple variable-overwrite vulnerabilities, a filter-bypass vulnerability, an SQL-injection vulnerability, and a remote file-include vulnerability.
A successful exploit may allow an attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database implementation, include and execute arbitrary remote files that may contain malicious PHP code within the context of the webserver, overwrite arbitrary variables, and bypass filtering mechanisms.
This issue affects version 4.0; other versions may also be affected.
Aztek Forum is prone to multiple input-validation vulnerabilities, including multiple variable-overwrite vulnerabilities, a filter-bypass vulnerability, an SQL-injection vulnerability, and a remote file-include vulnerability.
A successful exploit may allow an attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database implementation, include and execute arbitrary remote files that may contain malicious PHP code within the context of the webserver, overwrite arbitrary variables, and bypass filtering mechanisms.
This issue affects version 4.0; other versions may also be affected.
Exploit / POC
Aztek Forum Multiple Input Validation Vulnerabilities
Attackers can exploit these issues via a web client.
The following exploit code is available:
Attackers can exploit these issues via a web client.
The following exploit code is available:
Solution / Fix
Aztek Forum Multiple Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Aztek Forum Multiple Input Validation Vulnerabilities
References:
References: