BID:50919

EPractize Labs Subscription Manager 'showImg.php' PHP Code Injection Vulnerability

Info

EPractize Labs Subscription Manager 'showImg.php' PHP Code Injection Vulnerability

Bugtraq ID:	50919
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 06 2011 12:00AM
Updated:	Dec 06 2011 12:00AM
Credit:	Jan van Niekerk
Vulnerable:	EPractize Labs EPractize Labs Online Subscription Manager 0

Not Vulnerable:

Discussion

EPractize Labs Subscription Manager 'showImg.php' PHP Code Injection Vulnerability

EPractize Labs Subscription Manager is prone to a remote PHP code-injection vulnerability.

An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

Exploit / POC

EPractize Labs Subscription Manager 'showImg.php' PHP Code Injection Vulnerability

Attackers can exploit this issue through a browser.

Solution / Fix

EPractize Labs Subscription Manager 'showImg.php' PHP Code Injection Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

EPractize Labs Subscription Manager 'showImg.php' PHP Code Injection Vulnerability

References:

EPractize Labs Online Subscription Manager Homepage (EPractize Labs)
Backdoor in EPractize Labs Online Subscription Manager from epractizelabs.com (Jan van Niekerk)