Simple Invoices Controller.PHP Multiple Local File Include Vulnerabilities

Bugtraq ID:	22389
Class:	Input Validation Error
CVE:	CVE-2007-0787
Remote:	Yes
Local:	No
Published:	Feb 05 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	The vendor disclosed these issues.
Vulnerable:	Simple Invoices Simple Invoices 20070125 Simple Invoices Simple Invoices 20061211
Not Vulnerable:

Simple Invoices Controller.PHP Multiple Local File Include Vulnerabilities

Simple Invoices is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

Exploiting these issues may allow an unauthorized user to view files and execute local scripts.

Versions prior to 20070202 are vulnerable.

Simple Invoices Controller.PHP Multiple Local File Include Vulnerabilities

Attackers can exploit these issues via a web client.

Simple Invoices Controller.PHP Multiple Local File Include Vulnerabilities

Solution:
These issues have been addressed in version 20070202. Please see the references for more information.


Simple Invoices Simple Invoices 20061211

• Simple Invoices simpleinvoices_20070202.zip
  http://downloads.sourceforge.net/simpleinvoices/simpleinvoices_2007020 2.zip?modtime=1170429644&big_mirror=0

Simple Invoices Simple Invoices 20070125

• Simple Invoices simpleinvoices_20070202.zip
  http://downloads.sourceforge.net/simpleinvoices/simpleinvoices_2007020 2.zip?modtime=1170429644&big_mirror=0

Simple Invoices Controller.PHP Multiple Local File Include Vulnerabilities

References:

• Simple Invoices 2007 02 02 released (Simple Invoices)
  
• Simple Invoices Homepage (Simple Invoices)