PHP Todo List Manager Regular Expressions Multiple Security Bypass Vulnerabilities

Bugtraq ID:	23928
Class:	Input Validation Error
CVE:	CVE-2007-2636
Remote:	Yes
Local:	No
Published:	May 11 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	The vendor reported these issues.
Vulnerable:	PHP Todo List Manager PHP Todo List Manager 0.8 Beta PHP Todo List Manager PHP Todo List Manager 0.7 Beta
Not Vulnerable:	PHP Todo List Manager PHP Todo List Manager 0.8.1 Beta

PHP Todo List Manager Regular Expressions Multiple Security Bypass Vulnerabilities

PHP Todo List Manager is prone to multiple security-bypass vulnerabilities because it fails to adequately validate user-supplied data.

Attackers can exploit these issues to compromise the application; other attacks are also possible.

Versions prior to 0.8.1 Beta are vulnerable.

PHP Todo List Manager Regular Expressions Multiple Security Bypass Vulnerabilities

An attacker can use a browser to exploit these issues.

PHP Todo List Manager Regular Expressions Multiple Security Bypass Vulnerabilities

Solution:
The vendor has released version 0.8.1 Beta to address these issues. Please see the references for more information.


PHP Todo List Manager PHP Todo List Manager 0.8 Beta

• PHP Todo List Manager phpTodo-0.8.1beta.tar.gz
  http://downloads.sourceforge.net/phptodo/phpTodo-0.8.1beta.tar.gz?modt ime=1175865922&big_mirror=0

PHP Todo List Manager Regular Expressions Multiple Security Bypass Vulnerabilities

References:

• Changelog (PHP Todo List Manager)
  
• Vendor Homepage (PHP Todo List Manager)