Editor Login | Register
Ekle

> World > Security
LinPHA maps_type Local File Inclusion Vulnerability - Security - World -
CWRedLight
(Date : 08.04.2008 17:03:44)


LinPHA maps_type Local File Inclusion Vulnerability
Secunia Advisory: SA29724  
Release Date: 2008-04-08

Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software:LinPHA 1.x
Description:
A vulnerability has been discovered in LinPHA, which can be exploited by malicious people to disclose sensitive information.

Input passed via the "maps_type" configuration string to plugins/maps/map.main.class.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

The vulnerability is confirmed in version 1.3.3. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
EgiX credits rgod.

Original Advisory:
http://milw0rm.com/exploits/5392










Derecelendir
Kaynak http://secunia.com/advisories/29724/
İçerik İhbarı
Bağlantılar: bilgininefendisi.net

Open Source Document Project AUP&TOS