OSVDB ID: 11535

Title: JAF CMS config.php Arbitrary Local File Inclusion

Info

Dates

Disclosure: Nov 08, 2004
Discovery: Nov 08, 2004
Exploit: Nov 08, 2004
Solution: Unknown

Description

JAF CMS allows a remote attacker to include arbitrary local files. Input supplied to the "show" parameter of "config.php" is not properly sanitized before it is used to include a file. This vulnerability can be leveraged to include arbitrary files from the local system, resulting in information disclosure in the case of text files and script execution in the case of PHP scripts.
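The flaw class described above, as an added illustration that is not JAF CMS's own code: a hypothetical dispatcher that hands the "show" parameter straight to include, beside a hardened form that treats the parameter only as a key into a fixed allowlist of pages. The `pages/` directory and the page names in the map are assumptions for the example.

```php
<?php
// Added illustration, not JAF CMS's code. Pattern of the flaw described above:
// a page name taken from the request is used directly to build an include path.
function vulnerable_show(string $show): void
{
    // Nothing restricts $show, so traversal sequences or absolute paths reach include().
    include __DIR__ . '/pages/' . $show . '.php';
}

// Hardened form: the request value is only a key into a fixed map of pages.
// The filesystem path is never built from attacker-controlled text.
const ALLOWED_PAGES = [
    'home'    => 'home.php',    // assumed page names for the example
    'news'    => 'news.php',
    'contact' => 'contact.php',
];

function resolve_page(string $show): ?string
{
    // Exact-match lookup; unknown keys (including anything containing '/', '\' or '..')
    // fall through to null, which the caller treats as "not found".
    return ALLOWED_PAGES[$show] ?? null;
}

function safe_show(string $show): void
{
    $file = resolve_page($show);
    if ($file === null) {
        http_response_code(404);
        echo 'Unknown page';
        return;
    }
    include __DIR__ . '/pages/' . $file;
}

// Dispatch through the hardened path; default to 'home' when the parameter is absent.
safe_show($_GET['show'] ?? 'home');
```

Because the allowlist lookup is an exact string match, no normalization or blacklist of traversal characters is needed; any value not in the map is rejected before a path is ever formed.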

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to the most recent release of version 3.0 RC or a later version. Previous releases of 3.0 RC are vulnerable. If you are unsure which distribution of 3.0 RC you are using, upgrade.

Products

Salims Softhouse

JAF CMS

1.0
1.5
2.0
2.0.5
2.1.0
2.5
3.0 RC

References

Credit

  • y3dips - y3dips Brand New Doo Doo echo.or.id


Direct URL: http://osvdb.org/36218