phpGB savesettings.php script could allow unauthorized access
| phpgb-savesettings-unauth-access (10065) |  Medium Risk |
Description:
phpGB could allow a remote attacker to bypass security and gain unauthorized access, caused by improper authentication verification by the savesettings.php script. This could allow an attacker to corrupt the config.php script to cause a denial of service against the guestbook or insert PHP commands in the config.php script, which would allow the attacker to execute shell commands on the system or read any file on the system.
Consequences:
Gain Access
Remedy:
Upgrade to the latest version of phpGB (1.4 or later), available from Michael Walzl's Web page. See References.
References:
- BugTraq Mailing List, Mon Sep 09 2002 - 02:28:06 CDT: phpGB: DoS and executing_arbitrary_commands.
- Michael Walzl's Web site: Michael Walzl's Homepage.
- BID-5679: phpGB PHP Code Injection Vulnerability
- BID-568: Microsoft FrontPage PWS DoS Vulnerability
- CVE-2002-1481: savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php.
Platforms Affected:
- Michael Walzl phpGB 1.20
Reported:
Sep 09, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net