PHPizabi 'v_cron_proc.php' Arbitrary Script Injection Vulnerabilities

Bugtraq ID:	30257
Class:	Input Validation Error
CVE:	CVE-2008-3239
Remote:	Yes
Local:	No
Published:	Jul 16 2008 12:00AM
Updated:	May 07 2015 05:27PM
Credit:	Inphex <[email protected]>
Vulnerable:	PHPizabi PHPizabi 0.848b.C1 HFP1
Not Vulnerable:

PHPizabi 'v_cron_proc.php' Arbitrary Script Injection Vulnerabilities

PHPizabi is prone to two vulnerabilities that allow attackers to execute arbitrary script code because it fails to properly sanitize user-supplied input.

An attacker can exploit these issues to execute arbitrary script code in the context of the webserver. Successful exploits can compromise the application.

PHPizabi 0.848b C1 HFP1 is vulnerable; other versions may also be affected.

PHPizabi 'v_cron_proc.php' Arbitrary Script Injection Vulnerabilities

Attackers can exploit these issues via a browser.

The following exploit code is available:

• /data/vulnerabilities/exploits/30257.pl

PHPizabi 'v_cron_proc.php' Arbitrary Script Injection Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

PHPizabi 'v_cron_proc.php' Arbitrary Script Injection Vulnerabilities

References:

• PHPizabi Homepage (PHPizabi)