phpFox static/ajax.php Command Injection Vulnerability

ID: IRCAD2012031809
Release Date: 2012-03-26
Criticality level: Highly critical
Software:
phpFox 2.x
phpFox 3.x
Description:
A vulnerability has been reported in phpFox, which can be exploited by malicious people to compromise a vulnerable system.
Input passed via the "phpfox[call]" or "core[call]" POST parameter to static/ajax.php is not properly verified in the "Phpfox_Module::getComponent()" function within include/library/phpfox/module/module.class.php before being used in an "eval()" call. This can be exploited to inject and execute certain shell commands.
The vulnerability is reported in 2.x versions prior to 2.1.0 (build 3) and 3.x versions prior to 3.0.1 (build 3).
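The flaw above is request data reaching an "eval()" call; the following added example (not phpFox source code and not the vendor's fix) shows the vulnerable shape as a comment next to a dispatcher that validates the call name and resolves it through an allowlist instead. The handler names, the allowlist entries and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical names throughout, not phpFox source code.

// Vulnerable shape (kept as a comment, never executed): request text is
// spliced into PHP source and evaluated, so the caller controls code.
//   eval('$result = ' . $_POST['core']['call'] . '();');

// Hypothetical allowlist of callable components: "module.method" => handler.
const ALLOWED_CALLS = [
    'core.info'   => 'handleCoreInfo',
    'user.browse' => 'handleUserBrowse',
];

function handleCoreInfo(): string   { return 'core info'; }
function handleUserBrowse(): string { return 'user list'; }

/**
 * Resolve a request-supplied call name without eval().
 * Returns the handler's output, or null when the name is rejected.
 */
function dispatchCall($call): ?string
{
    // Reject arrays and other non-string values PHP builds from POST data.
    if (!is_string($call)) {
        return null;
    }
    // Strict shape: two lowercase identifiers joined by one dot.
    // \z (not $) so a trailing newline cannot slip through.
    if (preg_match('/\A[a-z][a-z0-9_]{0,31}\.[a-z][a-z0-9_]{0,31}\z/', $call) !== 1) {
        return null;
    }
    // Exact lookup: the input selects a handler, it is never run as code.
    if (!array_key_exists($call, ALLOWED_CALLS)) {
        return null;
    }
    return call_user_func(ALLOWED_CALLS[$call]);
}

// Constructed inputs, as they might arrive in the "core[call]" POST field.
$samples = ['core.info', 'user.browse', "core.info\n", 'core.info();', ['core.info'], 'admin.drop'];
foreach ($samples as $sample) {
    $out = dispatchCall($sample);
    echo json_encode($sample), ' => ', $out === null ? 'rejected' : $out, PHP_EOL;
}
```

Only the first two samples reach a handler; the trailing newline, the appended syntax, the array value and the well-formed but unlisted name are all rejected before any dispatch happens.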
Solution:
Update to version 2.1.0 (build 3) or 3.0.1 (build 3).
References:
phpFox:
Egidio Romano:
Secunia:
 

Date created: 8 Farvardin 1391
