SecurityTracker.com
SecurityTracker
Archives

Category:   Application (Forum/Board/Portal)  >   ThinkEdit Vendors:   thinkedit.org
ThinkEdit Include File Bug in 'render.php' Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1017359
SecurityTracker URL:  http://securitytracker.com/id/1017359
CVE Reference:   CVE-2006-6426   (Links to External Site)
Date:  Dec 11 2006
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes
Version(s): 1.9.2 and prior versions
Description:   A vulnerability was reported in ThinkEdit. A remote user can include and execute arbitrary code on the target system.

The 'render.php' script does not properly validate user-supplied input in the 'template_file' parameter. A remote user can supply a specially crafted URL to cause the target system to include and execute arbitrary PHP code from a remote location. The PHP code, including operating system commands, will run with the privileges of the target web service.
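As an added illustration (not ThinkEdit's actual render.php, which is not reproduced here), the following shows a hypothetical include pattern of the kind the advisory describes beside a hardened resolver that treats 'template_file' as an allowlisted template name rather than a filesystem path or URL. The function names and the template directory are assumptions.

```php
<?php
// Hypothetical reconstruction of the vulnerable pattern (assumption, not the
// project's code): the request parameter reaches include() unchecked, so a
// URL or an arbitrary path supplied by the client is loaded and executed.
function render_unsafe(array $request): void
{
    include $request['template_file'];   // caller controls what gets executed
}

// Hardened form: 'template_file' is a bare template *name*, resolved only
// inside a fixed directory of known templates.
function resolve_template(string $name, string $templateDir): ?string
{
    // 1. Syntactic allowlist: letters, digits, underscore and hyphen only.
    //    This rejects "/", "\", ":", ".", "?" and therefore any scheme
    //    prefix, directory traversal or extension change.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $name)) {
        return null;
    }
    // 2. Canonicalise and confirm the result is still under $templateDir
    //    (defence in depth in case the directory itself contains symlinks).
    $base = realpath($templateDir);
    $path = realpath($templateDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null;                       // unknown template
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;                       // escaped the template directory
    }
    return $path;
}

function render_safe(array $request, string $templateDir): void
{
    $name = (string) ($request['template_file'] ?? '');
    $path = resolve_template($name, $templateDir);
    if ($path === null) {
        http_response_code(400);
        echo 'invalid template';
        return;
    }
    include $path;                         // only a vetted local template
}
```

Disabling `allow_url_include` (and `allow_url_fopen` where the application can tolerate it) in php.ini removes the remote-code path as a second layer, but the resolver is what actually closes the bug, since a local include of attacker-influenced files remains possible without it.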

r0ut3r discovered this vulnerability.

The original advisory and demonstration exploit are available at:

http://www.milw0rm.com/exploits/2898

Impact:   A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
Solution:   The vendor has issued a fixed version (1.9.3).
Vendor URL:  www.thinkedit.org/think/ (Links to External Site)
Cause:   Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]



Copyright 2020, SecurityGlobal.net LLC