OSVDB ID: 27676

Title: Php Blue Dragon CMS team_admin.php vsDragonRootPath Variable Remote File Inclusion

Info

Disclosure

Jun 22, 2006

Discovery

Unknown

Dates

Exploit

Jun 22, 2006

Solution

Unknown

Description

Php Blue Dragon CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to team_admin.php not properly sanitizing user input supplied to the 'vsDragonRootPath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

PBDTeam	Php Blue Dragon CMS	1.x.x
		2.0.x
		2.2.x
		2.4.x
		2.6.x
		2.7.0
		2.8.0
		2.9.0
		2.9.1

References

Bugtraq ID: 18609
CVE ID: 2006-6958 (see also: NVD)
ISS X-Force ID: 27152
Related OSVDB ID: 27677 27678 27679
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0509.html
Packet Storm: http://packetstormsecurity.org/0606-exploits/phpbluedragon-2.txt
Vendor URL: http://phpbluedragon.net/

Credit

shm - rozowa.landrynkaspam.nation.pl -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

PBDTeam

Php Blue Dragon CMS

References

Credit