Opt-X header.php Remote File Include Vulnerability
BID:9732
Info
Opt-X header.php Remote File Include Vulnerability
| Bugtraq ID: | 9732 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 24 2004 12:00AM |
| Updated: | Feb 24 2004 12:00AM |
| Credit: | The disclosure of this issue has been credited to G00db0y from Zone-h Security Labs <[email protected]>. |
| Vulnerable: |
THe Opt-x Project Opt-X 0.7.2 |
| Not Vulnerable: | |
Discussion
Opt-X header.php Remote File Include Vulnerability
It has been reported that Opt-X may be prone to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The problem reportedly exists because remote users may influence the 'systempath' variable in the header.php module.
Opt-X version 0.7.2 has been reported to be prone to this issue.
It has been reported that Opt-X may be prone to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The problem reportedly exists because remote users may influence the 'systempath' variable in the header.php module.
Opt-X version 0.7.2 has been reported to be prone to this issue.
Exploit / POC
Solution / Fix
Opt-X header.php Remote File Include Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Opt-X header.php Remote File Include Vulnerability
References:
References:
- Opt-X Homepage (THe Opt-x Project)
- ZH2004-10SA (security advisory): file inclusion vulnerability in Opt-X (Zone-H)