OSVDB ID: 86075

Title: PHP Support Tickets /classes/GUI/abstract.GUI.php getPageName() Function Remote Code Execution

Info

Disclosure

Sep 12, 2011

Discovery

Unknown

Dates

Exploit

Sep 12, 2011

Solution

Unknown

Description

PHP Support Tickets contains a flaw that is triggered when the getPageName() function of the /classes/GUI/abstract.GUI.php script fails to properly sanitize user-supplied input. This may allow a remote attacker to execute arbitrary code.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Triangle Solutions Ltd.

PHP Support Tickets

2.2

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/86075