CVE-2008-2481

Properties

Published:
27.05.2008
Updated:
28.05.2008
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Product:
phpRaider: phpRaider
phpRaider: phpRaider

Vulnerability description

PHP remote file inclusion vulnerability in authentication/phpbb3/phpbb3.functions.php in phpRaider 1.0.7 and 1.0.7a, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[phpbb_path] parameter.

References:

MILW0RM: http://www.milw0rm.com/exploits/5671
BID: http://www.securityfocus.com/bid/29356
FRSIRT: http://www.frsirt.com/english/advisories/2008/1646/references
SECUNIA: http://secunia.com/advisories/30375