| Secunia Advisory: | SA30909 | |
| Release Date: | 2008-07-02 | |
| Critical: | Less critical | |
| Impact: | Exposure of system information Exposure of sensitive information | |
| Where: | From remote | |
| Solution Status: | Unpatched | |
| Software: | PHP agenda 2.x | |
StAkeR has discovered a vulnerability in PHP Agenda, which can be exploited by malicious users to disclose sensitive information.
Input passed to the "page" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.
The vulnerability is confirmed in version 2.2.4. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly verified.
Provided and/or discovered by:
StAkeR
資料來源 http://secunia.com/advisories/30909/
文章標籤
全站熱搜
