Berylium2 Berylium-Classes.PHP Remote File-Include Vulnerability

Bugtraq ID:	23882
Class:	Input Validation Error
CVE:	CVE-2007-2531
Remote:	Yes
Local:	No
Published:	May 08 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	ThE TiGeR is credited with discovering this vulnerability.
Vulnerable:	Berylium Berylium 2 2003-08-18
Not Vulnerable:

Berylium2 Berylium-Classes.PHP Remote File-Include Vulnerability

Berylium2 is prone to a remote file-include vulnerability.

Exploiting this issue allows an attacker to execute arbitrary code in the context of the webserver.

This issue affects Berilium2 2003-08-18; other versions may also be affected.

Berylium2 Berylium-Classes.PHP Remote File-Include Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URI is available:

http://www.example.com/[berylium2_path]/code/berylium-classes.php?beryliumroot=shell.txt?

Berylium2 Berylium-Classes.PHP Remote File-Include Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Berylium2 Berylium-Classes.PHP Remote File-Include Vulnerability

References:

• Berylium2 Website (Berylium)