vendor: PHP Generator of Object SQL Database (PGOSD)
by: xoron
CVSS: 8.3
HIGH
Remote File Include
CWE: 98
Product Name: PHP Generator of Object SQL Database (PGOSD)
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
PHP Generator of Object SQL Database (path) Remote File Include Vulnerability
A remote file include vulnerability exists in the PHP Generator of Object SQL Database (PGOSD) script. The 'path' parameter in the 'function.php3' script is not properly sanitized before being used in an 'include' PHP function. This can be exploited to include arbitrary remote files by passing a URL in the 'path' parameter. Successful exploitation requires that 'register_globals' is set to 'on'.
Mitigation:
Set 'register_globals' to 'off' and ensure that user input is properly sanitized before being used in an 'include' PHP function.
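
One way to apply this mitigation, as an added example (not PGOSD's own code): the request value only selects an entry from a fixed allowlist and is never concatenated into the include path. The `module` parameter, the `lib` directory and the file names are assumptions made for illustration.

```php
<?php
// Added example: all names here are hypothetical; this is not PGOSD's code.

// Directory holding the files this script may include (assumed layout).
const INCLUDE_ROOT = __DIR__ . '/lib';

// Fixed allowlist: request value => file under INCLUDE_ROOT (hypothetical names).
const ALLOWED_MODULES = [
    'db'     => 'db.php',
    'object' => 'object.php',
];

/**
 * Map an untrusted request value to a local file, or return null.
 * The value is only used as an array key, so it can never become
 * a URL or a filesystem path by itself.
 */
function resolve_include($requested): ?string
{
    if (!is_string($requested) || !array_key_exists($requested, ALLOWED_MODULES)) {
        return null;
    }
    $root = realpath(INCLUDE_ROOT);
    $file = realpath(INCLUDE_ROOT . '/' . ALLOWED_MODULES[$requested]);
    // realpath() returns false for missing files; also require the result to
    // stay under INCLUDE_ROOT in case an allowlisted file is a symlink.
    if ($root === false || $file === false
        || strncmp($file, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $file;
}

// Read the value explicitly from the query string. With register_globals off,
// a request parameter named "path" cannot overwrite a $path variable.
$file = resolve_include($_GET['module'] ?? null);
if ($file === null) {
    http_response_code(400);
    exit('Unknown module');
}
require $file;
```

On PHP 5.2 and later, `allow_url_include = Off` (the default) additionally prevents `include` and `require` from fetching URLs.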