S8Forum register.php script could allow an attacker to execute commands
| s8forum-register-command-execution (10974) |
Description:
S8Forum could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the register.php script. Because the name, email, and password fields are not validated, a remote attacker could register a username ending in .php and place PHP code in another field (the email field, in the CVE-2003-1252 demonstration); register.php then writes a web-accessible .php file containing that code, which the attacker requests over HTTP to run arbitrary commands on the server.
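As an added illustration (not S8Forum's code, whose internals this entry does not show), the following PHP reconstructs the flaw described by the CVE-2003-1252 reference and sets a hardened registration handler beside it. It assumes, as a hypothetical, that the forum stores one file per user under the web root, names that file after the submitted username, and writes the e-mail field into it verbatim; the directory names, the record format and the find_planted_php triage helper are all invented for the example.

```php
<?php
// Added example (hypothetical, not S8Forum's code): a register.php-style
// handler reproducing the CVE-2003-1252 pattern, and a hardened version.
declare(strict_types=1);

// VULNERABLE (assumed mechanism): the file name is taken verbatim from the
// "name" field and the e-mail field is written into it unchanged. With
// name = "any_name.php" and email = "<?php system($_GET['cmd']); ?>" the
// result is users/any_name.php inside the web root, callable over HTTP.
function register_vulnerable(string $usersDir, string $name, string $email, string $password): string
{
    if (!is_dir($usersDir)) {
        mkdir($usersDir, 0755, true);
    }
    $path = $usersDir . '/' . $name;                 // attacker controls the extension
    file_put_contents($path, "name=$name\nemail=$email\npassword=$password\n");
    return $path;
}

// HARDENED: allow-list the username, validate the e-mail, never derive a
// file name from user input, and keep the record outside the web root.
function register_hardened(string $privateDir, string $name, string $email, string $password): string
{
    // 1. Username allow-list: letters, digits, underscore, 3-20 characters.
    //    This rejects ".php", "../" and anything else with path meaning.
    if (!preg_match('/^[A-Za-z0-9_]{3,20}$/', $name)) {
        throw new InvalidArgumentException('invalid username');
    }
    // 2. Syntactic e-mail check; a PHP open tag does not survive this filter.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }
    if (!is_dir($privateDir)) {
        mkdir($privateDir, 0700, true);               // assumed to be outside the document root
    }
    // 3. File name is a hash of the lower-cased username with a fixed,
    //    non-executable extension, so user input never reaches the path.
    $path = $privateDir . '/' . hash('sha256', strtolower($name)) . '.json';
    if (file_exists($path)) {
        throw new RuntimeException('username already taken');
    }
    // 4. Store a structured record with a salted password hash, not plaintext.
    $record = [
        'name'          => $name,
        'email'         => $email,
        'password_hash' => password_hash($password, PASSWORD_DEFAULT),
    ];
    file_put_contents($path, json_encode($record, JSON_THROW_ON_ERROR), LOCK_EX);
    return $path;
}

// Triage helper for an existing install: list user files whose name ends in
// .php (or .php3 etc.) or whose contents carry a PHP open tag. The "<?" test is
// deliberately broad; review hits by hand.
function find_planted_php(string $dir): array
{
    $hits = [];
    foreach (glob($dir . '/*') ?: [] as $file) {
        if (!is_file($file)) {
            continue;
        }
        $isPhpName = preg_match('/\.php\d?$/i', $file) === 1;
        $hasPhpTag = strpos((string) file_get_contents($file), '<?') !== false;
        if ($isPhpName || $hasPhpTag) {
            $hits[] = $file;
        }
    }
    return $hits;
}

if (PHP_SAPI === 'cli') {
    // Constructed demo input; directories live under the system temp dir.
    $webrootUsers = sys_get_temp_dir() . '/s8demo_webroot_users';
    $privateUsers = sys_get_temp_dir() . '/s8demo_private_users';
    $attackerName  = 'any_name.php';
    $attackerEmail = '<?php system($_GET["cmd"]); ?>';

    $planted = register_vulnerable($webrootUsers, $attackerName, $attackerEmail, 'x');
    echo "vulnerable handler wrote: $planted\n";
    echo "triage hits: " . implode(', ', find_planted_php($webrootUsers)) . "\n";

    try {
        register_hardened($privateUsers, $attackerName, $attackerEmail, 'x');
    } catch (InvalidArgumentException $e) {
        echo "hardened handler rejected attacker input: {$e->getMessage()}\n";
    }
    try {
        echo "hardened handler wrote: "
            . register_hardened($privateUsers, 'alice', 'alice@example.org', 'correct horse') . "\n";
    } catch (RuntimeException $e) {
        echo "hardened handler: {$e->getMessage()} (re-run of the demo)\n";
    }
}
```

Run it with `php register_demo.php` to see the vulnerable path produce a .php file that the triage helper flags, while the hardened path rejects the same input. As defence in depth on a real deployment, the user-data directory should additionally be configured so the web server never executes scripts from it, so that an input-validation bypass still cannot yield code execution.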
Platforms Affected:
- Kelli Shaver, S8Forum 3.0
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Gain Access
References:
- VulnWatch Mailing List, Sun Jan 05 2003 - 00:35:55 CST, A security vulnerability in S8Forum at http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0004.html.
- BID-6547: S8Forum Remote Command Execution Vulnerability
- CVE-2003-1252: register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using a system($cmd) E-mail address with an any_name.php username.
- SA7819: S8Forum injection of arbitrary code
- SECTRACK ID: 1005881: S8Forum Input Validation Flaw Lets Remote Users Execute Operating System Commands on the Target Server
Reported:
Jan 05, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
