
SANS ISC: Remotely Exploitable CodeGrrl PHP Products File Inclusion Vulnerability


Secunia - CodeGrrl Products "siteurl" File Inclusion Vulnerability

"Successful exploitation requires that "register_globals" is enabled."

"Solution:
Edit the source code to ensure that input is properly sanitised.

Set "register_globals" to "Off".".

FrSIRT CodeGrrl Multiple Products "siteurl" Remote File Inclusion Vulnerability
"Affected Products

PHPCurrently version 2.0 and prior
PHPQuotes version 1.0 and prior
PHPCalendar version 1.0 and prior
PHPClique version 1.0 and prior
PHPFanBase version 2.1 and prior".

Patrick
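
An added example, not part of this diary or of either advisory: a heuristic Python audit for the two conditions the advisories name, "register_globals" being enabled and "siteurl" being used in a file inclusion. It assumes the risky pattern is an `include`/`require` whose path is built from `$siteurl` before the script assigns that variable itself; the sample php.ini and PHP source are constructed and are not CodeGrrl code.

```python
import re

# include/require (optionally _once) whose argument references $siteurl
INCLUDE_RE = re.compile(r'\b(include|require)(_once)?\b[^;]*\$siteurl\b', re.IGNORECASE)
# explicit assignment to $siteurl ("=" but not "==")
ASSIGN_RE = re.compile(r'\$siteurl\s*=[^=]')

def register_globals_enabled(php_ini_text):
    """Return True if the last uncommented register_globals directive is on."""
    enabled = False  # PHP has defaulted to Off since 4.2.0
    for line in php_ini_text.splitlines():
        line = line.split(';', 1)[0].strip()  # drop php.ini comments
        m = re.match(r'register_globals\s*=\s*(\S+)', line, re.IGNORECASE)
        if m:
            enabled = m.group(1).strip('"\'').lower() in ('on', '1', 'true', 'yes')
    return enabled

def find_siteurl_includes(php_source):
    """Return (line_number, text) for includes that use $siteurl before
    any assignment to it in the same file (heuristic, line based)."""
    findings, assigned = [], False
    for n, line in enumerate(php_source.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith(('//', '#')):
            continue  # skip whole-line comments
        if INCLUDE_RE.search(stripped) and not assigned:
            findings.append((n, stripped))
        if ASSIGN_RE.search(stripped):
            assigned = True
    return findings

# Constructed samples for illustration only
SAMPLE_INI = "; constructed sample php.ini\nregister_globals = On\n"
SAMPLE_PHP = '''<?php
// constructed sample, not code from any CodeGrrl product
include($siteurl . "/header.php");
$siteurl = "/var/www/app";
require_once $siteurl . "/footer.php";
?>'''

if __name__ == "__main__":
    if register_globals_enabled(SAMPLE_INI):
        print('register_globals is On: set it to "Off"')
    for n, text in find_siteurl_includes(SAMPLE_PHP):
        print(f"line {n}: $siteurl used in include before assignment: {text}")
```

A hit from the second check marks a line to review by hand; an assignment inside a conditional branch can still leave the variable unset on some paths.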
