Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Forum/Board/Portal)  >   phpWebNotes Vendors:
phpWebNotes Include File Error in 'php_api.php' Lets Remote Users Execute Arbitrary Commands
SecurityTracker Alert ID:  1014807
SecurityTracker URL:
CVE Reference:   CVE-2005-2775   (Links to External Site)
Updated:  Jun 8 2008
Original Entry Date:  Aug 29 2005
Impact:   Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 2.0.0-pr1
Description:   A vulnerability was reported in phpWebNotes. A remote user can execute arbitrary commands on the target system.

The 'php_api.php' script does not properly validate user-supplied input in the 't_path_core' parameter. A remote user can supply a specially crafted URL to cause the target system to include and execute arbitrary PHP code from a remote location. The PHP code, including operating system commands, will run with the privileges of the target web service.

A demonstration exploit URL is provided:


Norbert reported this vulnerability.

Impact:   A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  XSS security hole in phpwebnotes.

Hi security team!

I have found a security hole in a popular php application (not
maintained anymore). The hole already gets exploited - our server was 
hacked that way two days ago. Probably hackers just use google to find 
installations of phpwebnotes.

Version: phpWebNotes-2.0.0-pr1.tar.gz (last)

the bug is in php_api.php line 77:


this allowes to change $t_path_core which is used in api.php:

require_once( $t_path_core . 'constants_inc.php' );

this can be used for a cross site scripting attack.

how does it work:






Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, LLC