Glossword Custom_Vars.PHP Remote File Include Vulnerability

Bugtraq ID:	24009
Class:	Input Validation Error
CVE:	CVE-2007-2743
Remote:	Yes
Local:	No
Published:	May 16 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	BeyazKurt is credited with the discovery of this vulnerability.
Vulnerable:	Glossword Glossword 1.8.1
Not Vulnerable:

Glossword Custom_Vars.PHP Remote File Include Vulnerability

Glossword is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects Glossword 1.8.1; other versions may also be vulnerable.

Glossword Custom_Vars.PHP Remote File Include Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URI is available:

http://www.example.com/custom_vars.php?sys[path_addon]=EvilC0de

Glossword Custom_Vars.PHP Remote File Include Vulnerability

Solution:
The vendor has committed fixes to its Subversion repository. Please see the references for more information.

Users of affected packages should contact the vendor for information on obtaining and applying fixes.

Glossword Custom_Vars.PHP Remote File Include Vulnerability

References:

• Diff of /custom_vars.php (Glossword)
  
• Glossword Sourceforge Page (Glossword)