(7) HIGH: phpATM Remote File Include Vulnerability
Affected:
phpATM version 1.21 and earlier
Description: phpATM software provides file upload and download functions
for web severs. This software contains a file include vulnerability. An
attacker can pass a PHP file location to the "include_location"
parameter, and execute arbitrary PHP code on the webserver running
phpATM. This flaw has reportedly been exploited in the wild.
Status: phpATM has released version 1.30 that fixes the issue.
Council Site Actions: The affected software and/or configuration is not
in production or widespread use, or is not officially supported at any
of the council sites. They reported that no action was necessary.
References:
Posting by Ingvar
http://marc.theaimsgroup.com/?l=bugtraq&m=111653168810937&w=2
Vendor Homepage
http://phpatm.free.fr/
SecurityFocus BID
http://www.securityfocus.com/bid/13691
http://secunia.com/advisories/15420/
No comments:
Post a Comment