|
|
>> P-News Arbitrary PHP File Upload and Remote Information Disclosure Vulnerabilities
|
Title : P-News Arbitrary PHP File Upload and Remote Information Disclosure Vulnerabilities
VUPEN ID : VUPEN/ADV-2006-4770
CVE ID : CVE-2006-7113 - CVE-2006-7114
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-11-29
|
|
Multiple vulnerabilities have been identified in P-News, which could be exploited by remote attackers to compromise a vulnerable server or disclose sensitive information.
The first issue is due to an input validation error in the Avatar upload feature that does not validate file extensions, which could be exploited by remote attackers to upload malicious PHP scripts and execute arbitrary commands with the privileges of the web server.
The second issue is due to a design error where the "db/user.txt" file is stored insecurely inside the web folder, which could be exploited by attackers to disclose sensitive information (i.e. usernames and passwords).
Credits
Vulnerabilities reported by Gummiente
ChangeLog
2006-11-29 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
