Kietu Index.PHP Remote File Include Vulnerability
BID:9499
Info
Kietu Index.PHP Remote File Include Vulnerability
| Bugtraq ID: | 9499 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 26 2004 12:00AM |
| Updated: | Jan 26 2004 12:00AM |
| Credit: | Discovery of this issue is credited to Himeur Nourredine <[email protected]>. |
| Vulnerable: |
Kietu Kietu 3.1 Kietu Kietu 3.0 Kietu Kietu 2.3 Kietu Kietu 2.0 |
| Not Vulnerable: | |
Discussion
Kietu Index.PHP Remote File Include Vulnerability
A flaw exists in the Kietu 'index.php' script that may permit remote attackers to include malicious remote files. Remote users may influence the include path for the 'config.php' configuration file, which may result in execution of arbitrary commands with the privileges of the webserver process.
A flaw exists in the Kietu 'index.php' script that may permit remote attackers to include malicious remote files. Remote users may influence the include path for the 'config.php' configuration file, which may result in execution of arbitrary commands with the privileges of the webserver process.
Exploit / POC
Solution / Fix
Kietu Index.PHP Remote File Include Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.