Retired: Drake CMS Admin Header.PHP Remote File Include Vulnerability

Bugtraq ID:	22595
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 16 2007 12:00AM
Updated:	Feb 16 2007 08:17PM
Credit:	KaRTaL is credited with the discovery of this vulnerability.
Vulnerable:	Drake CMS Drake CMS 0.3.2
Not Vulnerable:	Drake CMS Drake CMS 0.3.3

Retired: Drake CMS Admin Header.PHP Remote File Include Vulnerability

Drake CMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects version 0.3.2; earlier versions may also be vulnerable.

Further source code analysis reveals this is not a valid vulnerability. The parameter specified is clearly defined. This BID is being retired.

Retired: Drake CMS Admin Header.PHP Remote File Include Vulnerability

An attacker can exploit this issue via a web client.

The following proof-of-concept URI is available:

http://www.example.com/path/header.php?aclasses_dir=[shell]

Retired: Drake CMS Admin Header.PHP Remote File Include Vulnerability

Solution:
Drake CMS version 0.3.3 is not vulnerable to this issue.


Drake CMS Drake CMS 0.3.2

• Drake CMS drake_0.3.3_beta_rev1387.tar.gz
  http://downloads.sourceforge.net/drakecms/drake_0.3.3_beta_rev1387.tar .gz

Retired: Drake CMS Admin Header.PHP Remote File Include Vulnerability

References:

• Drake CMS Homepage (Drake CMS)
  
• Drake CMS v0.3.2 < = RFi Vulnerabilities ([email protected])