PHPGedView Arbitrary File Inclusion Vulnerabilities

 
Gilberto Galdino de Oliveira  Member From: Guarulhos - São Paulo - Brazil  Posts: 171

Cedric Cochin has identified two vulnerabilities in PhpGedView, allowing malicious people to compromise a vulnerable system.

The problem is that the "PGV_BASE_DIRECTORY" parameter isn't properly verified in certain scripts. This can be exploited by malicious people to supply paths to local and external resources.

Another problem is that the "editconfig_gedcom.php" script doesn't verify input properly, allowing malicious administrative users to include arbitrary local and external files.

The vulnerabilities have been reported in version 2.65.1. Prior versions may also be affected.

SOLUTION: Update to version 2.65.2.
http://sourceforge.net/project/showfiles.php?group_id=55456&package_id=61562&release_id=141517

CRITICAL: Highly critical.

IMPACT: System access.

WHERE: From remote.

SOFTWARE: PhpGedView 2.x.

PROVIDED AND/OR DISCOVERED BY: Cedric Cochin
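An added example, not part of the original post or of PhpGedView's code: a check over web server access logs for requests that set "PGV_BASE_DIRECTORY" from the client side, useful for reviewing whether an unpatched 2.x install was probed before the update to 2.65.2. It assumes combined-format access logs and that the parameter arrives in the query string; the log lines and the script name `some_script.php` are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Values pointing outside the application tree: URL scheme, UNC share,
# absolute path, drive letter, or directory traversal.
OUTSIDE_RE = re.compile(r'^(?:[a-z][a-z0-9+.-]*://|\\\\|/|[a-z]:[\\/])|\.\.[\\/]', re.I)

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding so %252e%252e%252f is seen as ../"""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_request(line):
    """Return (path, decoded_value, reason) for a suspect request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # Also catches the array form PGV_BASE_DIRECTORY[]=...
        if name.split("[")[0] != "PGV_BASE_DIRECTORY":
            continue
        value = decode_fully(value)  # parse_qsl already decoded one layer
        if OUTSIDE_RE.search(value):
            return (parts.path, value, "external or out-of-tree path")
        # A client has no legitimate reason to set this value at all.
        return (parts.path, value, "client-supplied base directory")
    return None

def scan(lines):
    return [hit for hit in map(flag_request, lines) if hit]

# Constructed sample lines (documentation addresses and hostnames).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2005:10:00:00 +0000] "GET /phpgedview/index.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Jan/2005:10:01:12 +0000] "GET /phpgedview/some_script.php?PGV_BASE_DIRECTORY=http%3A%2F%2Ffiles.example.net%2F HTTP/1.1" 200 312',
    '203.0.113.9 - - [10/Jan/2005:10:01:40 +0000] "GET /phpgedview/some_script.php?PGV_BASE_DIRECTORY=%252e%252e%252f%252e%252e%252ftmp%252f HTTP/1.1" 200 298',
    '198.51.100.4 - - [10/Jan/2005:10:05:00 +0000] "GET /phpgedview/editconfig_gedcom.php?ged=family.ged HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for path, value, reason in scan(SAMPLE_LOG):
        print(f"{reason}: {path} -> {value!r}")
```

Values sent in POST bodies do not appear in access logs, so an empty result does not rule out attempts made that way.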
