Secunia Advisory: SA20981
Release Date: 2006-07-10
Last Update: 2006-07-13
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: SimpleBoard 1.x (component for Mambo)
CVE reference: CVE-2006-3528
Description:
h4ntu has discovered a vulnerability in the SimpleBoard component for Mambo, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "sbp" parameter in components/com_simpleboard/image_upload.php is not properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources.
Successful exploitation requires that "register_globals" is enabled.
The vulnerability has been confirmed in version 1.1.0. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly verified.
Set "register_globals" to "Off".
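One way to apply the source-code fix above, as an added example that is not SimpleBoard's code and not part of the original advisory: the include base is taken from the script's own location instead of a request-settable variable such as "sbp", and every include target is resolved and confined to that directory. The constant and function names are hypothetical.

```php
<?php
// Added illustration; SB_BASE and sb_safe_include_path() are hypothetical
// names, not identifiers from SimpleBoard or Mambo.

// Fix the base directory server-side. With register_globals enabled, any
// global that the script does not initialise itself can be set from the
// request, so the base path must never come from such a variable.
define('SB_BASE', realpath(__DIR__));

/**
 * Resolve $relative to a .php file strictly inside SB_BASE.
 * Returns the absolute path, or null if the value is a URL or stream
 * wrapper, contains a NUL byte, does not exist, or escapes SB_BASE.
 */
function sb_safe_include_path(string $relative): ?string
{
    // Refuse scheme prefixes (remote or wrapper includes) and NUL bytes.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $relative)
        || strpos($relative, "\0") !== false) {
        return null;
    }

    // realpath() collapses "..", "." and symlinks; false means "no such file".
    $resolved = realpath(SB_BASE . DIRECTORY_SEPARATOR . $relative);
    if ($resolved === false) {
        return null;
    }

    // Confine the result to the component directory and to PHP sources.
    $prefix = SB_BASE . DIRECTORY_SEPARATOR;
    if (strncmp($resolved, $prefix, strlen($prefix)) !== 0
        || substr($resolved, -4) !== '.php') {
        return null;
    }
    return $resolved;
}

// Constructed inputs: this file itself, a path that climbs out of the
// directory, and a remote URL. Only the first yields a path.
$samples = [basename(__FILE__), '../../outside.php', 'http://example.invalid/x.php'];
foreach ($samples as $candidate) {
    $path = sb_safe_include_path($candidate);
    echo $candidate, ' => ', $path === null ? 'rejected' : 'allowed', PHP_EOL;
}
```

A caller would use `require_once` only on a non-null return value and stop the request otherwise.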
Provided and/or discovered by:
h4ntu
Changelog:
2006-07-13: Added CVE reference.
Original Advisory:
http://milw0rm.com/exploits/1994
File Inclusion Vulnerability in SimpleBoard component for Mambo
Posted by Cozmaster BLOG at 11:37 AM