CVE-2006-4962

Properties

Published:
22.09.2006
Updated:
26.02.2008
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Product:
Blue Dragon: PHP Blue Dragon

Vulnerability description

Directory traversal vulnerability in pbd_engine.php in PHP Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the phpExt parameter, as demonstrated by executing PHP code in a log file.

References:

MILW0RM: http://milw0rm.com/exploits/2402
FRSIRT: http://www.frsirt.com/english/advisories/2006/3736
SECUNIA: http://secunia.com/advisories/22031
BID: http://www.securityfocus.com/bid/20123
XF: http://xforce.iss.net/xforce/xfdb/29067
MILW0RM: http://www.milw0rm.com/exploits/4277
BID: http://www.securityfocus.com/bid/25264