phpPaleo 'lang' Parameter Local File Include Vulnerability
BID:52530
Info
| Bugtraq ID: | 52530 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-1671 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 16 2012 12:00AM |
| Updated: | Apr 04 2012 07:20PM |
| Credit: | Mark Stanislav |
| Vulnerable: | phpPaleo phpPaleo 4.7 |
| Not Vulnerable: | phpPaleo phpPaleo 4.8 |
Discussion
phpPaleo is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.
phpPaleo 4.7 is vulnerable; other versions may also be affected.
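For anyone reviewing similar code, the following added example (not phpPaleo source and not the vendor's fix) shows one way to handle a user-supplied 'lang' value so that it can only ever select a known language file. The directory layout, file naming and function names are assumptions.

```php
<?php
// Added example, not phpPaleo source: layout, file naming and function names are assumed.
declare(strict_types=1);

const DEFAULT_LANG = 'en'; // assumed fallback language

// Allowlist built from files present in the language directory (en.php -> "en").
function available_languages(string $dir): array
{
    $langs = [];
    foreach (glob($dir . '/*.php') ?: [] as $path) {
        $code = basename($path, '.php');
        if (preg_match('/\A[a-z]{2}(?:_[A-Z]{2})?\z/', $code) === 1) {
            $langs[$code] = $path;
        }
    }
    return $langs;
}

// Map an untrusted 'lang' value to a file path that is safe to include.
function resolve_language_file($requested, string $dir): string
{
    $langs = available_languages($dir);
    // Arrays (?lang[]=x), null and unknown strings fall back to the default.
    if (!is_string($requested) || !isset($langs[$requested])) {
        $requested = DEFAULT_LANG;
    }
    if (!isset($langs[$requested])) {
        throw new RuntimeException('default language file missing');
    }
    // Defence in depth: resolved path must stay inside the directory (catches symlinks).
    $base = realpath($dir);
    $real = realpath($langs[$requested]);
    if ($base === false || $real === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('language file outside language directory');
    }
    return $real; // caller: require resolve_language_file($_GET['lang'] ?? null, $dir);
}

// Constructed demo: temporary language directory and sample request values.
$dir = sys_get_temp_dir() . '/lang_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
foreach (['en', 'fr'] as $l) {
    file_put_contents("$dir/$l.php", "<?php return ['lang' => '$l'];");
}
foreach (['fr', 'de', '../en', ['x'], null] as $input) {
    echo json_encode($input, JSON_UNESCAPED_SLASHES), ' -> ',
        basename(resolve_language_file($input, $dir)), PHP_EOL;
}
```

The request value is never concatenated into a path: it is used only as a lookup key, so anything that is not an installed language code resolves to the default file.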
Exploit / POC
An attacker can exploit this issue using a browser.
Solution / Fix
Solution:
Updates are available. Please see the references for details.