|
|
>> P-News Arbitrary PHP File Upload and Remote Information Disclosure Vulnerabilities
|
Title : P-News Arbitrary PHP File Upload and Remote Information Disclosure Vulnerabilities
VUPEN ID : VUPEN/ADV-2006-4770
CVE ID : CVE-2006-7113 - CVE-2006-7114
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-11-29
|
Multiple vulnerabilities have been identified in P-News, which could be exploited by remote attackers to compromise a vulnerable server or disclose sensitive information.
The first issue is due to an input validation error in the Avatar upload feature that does not validate file extensions, which could be exploited by remote attackers to upload malicious PHP scripts and execute arbitrary commands with the privileges of the web server.
The second issue is due to a design error where the "db/user.txt" file is stored insecurely inside the web folder, which could be exploited by attackers to disclose sensitive information (i.e. usernames and passwords).
Affected Products
P-News version 2.0 and prior
Solution
VUPEN Security is not aware of any vendor-supplied patch.
References
http://www.vupen.com/english/advisories/2006/4770
Credits
Vulnerabilities reported by Gummiente
ChangeLog
2006-11-29 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
