S-147: Connectix Boards 'part_userprofile.php' Vulnerability

Tags

php, security, vulnerability

Special Forums Cybersecurity Security Advisories (RSS) S-147: Connectix Boards 'part_userprofile.php' Vulnerability

01-31-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

S-147: Connectix Boards 'part_userprofile.php' Vulnerability

Connectix Boards is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. The risk is MEDIUM. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

Previous Thread | Next Thread

2 More Discussions You Might Find Interesting

1. OS X (Apple)

The DC Control and Timer boards for AudioScope.sh...

Hi all... Apologies for any typos... For those intersted in the AudioScope the next construction is finished. I have not been totally idle but working out the hard stuff to be able to be very simple to build. It is a single transistor simple timer that lasts for about 1.2 to 1.8 seconds....

2. UNIX for Dummies Questions & Answers

UBB boards?

How would i go about making a UBB board. I have downloaded Perl but what else do i need?

LEARN ABOUT SUSE

php-config5

php-config(1)							Scripting Language						     php-config(1)

NAME

       php-config - get information about PHP configuration and compile options

SYNOPSIS

       php-config [options]

DESCRIPTION

       php-config is a simple shell script for obtaining information about installed PHP configuration.

OPTIONS

       --prefix       Directory prefix where PHP is installed, e.g. /usr/local
       --includes     List of -I options with all include files
       --ldflags      LD Flags which PHP was compiled with
       --libs	      Extra libraries which PHP was compiled with
       --extension-dir
		      Directory where extensions are searched by default
       --include-dir  Directory prefix where header files are installed by default
       --php-binary   Full path to php CLI or CGI binary
       --php-sapis    Show all SAPI modules available
       --configure-options
		      Configure options to recreate configuration of current PHP installation
       --version      PHP version
       --vernum       PHP version as integer

       SEE ALSO
	      php(1)

VERSION INFORMATION

       This manpage describes php, version 5.3.2.

COPYRIGHT

       Copyright (C) 1997-2006 The PHP Group

       This  source  file  is  subject to version 3.01 of the PHP license, that is bundled with this package in the file LICENSE, and is available
       through the world-wide-web at the following url:
       http://www.php.net/license/3_01.txt

       If you did not receive a copy of the PHP license and  are  unable  to  obtain  it  through  the	world-wide-web,  please  send  a  note	to
       license@php.net so we can mail you a copy immediately.

The PHP Group							       2006							     php-config(1)

Security Advisories (RSS)