eFiction Manage Images code execution
efiction-manage-images-code-execution (23375)
Description:
eFiction could allow a remote attacker to execute arbitrary PHP code. A remote attacker with the ability to upload images could upload a specially-crafted image file with an arbitrary file extension using the Manage Images functionality. A remote attacker could exploit this vulnerability to execute arbitrary PHP code on the victim's system.
Consequences:
Gain Access
Remedy:
Upgrade to the latest version of eFiction (3.3 or later), available from the eFiction Web site. See References.
References:
- BugTraq Mailing List, Fri Nov 25 2005 - 05:22:11 CST: eFiction <= 2.0 multiple vulnerabilities.
- eFiction Web site: eFiction : Automated Archive Software.
- BID-15568: eFiction Multiple Input Validation Vulnerabilities
- CVE-2005-4171: The Upload new image command in the Manage Images eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the image validity check but executes any PHP code within the file.
- OSVDB ID: 21124: eFiction Image Upload Arbitrary Command Execution
- SA17777: eFiction Multiple Vulnerabilities
- SECTRACK ID: 1015273: eFiction Input Validation Holes Let Remote Users Inject SQL Commands, Conduct Cross-Site Scripting Attacks, and Execute Arbitrary Code
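The Description and the CVE-2005-4171 entry above describe the flaw from the defender's side: the application checks only that the uploaded content starts with an image header and then stores the file under the name the user submitted, so a `.php` file that begins with a GIF signature passes the check and is later executed by the web server. The following Python block is an added illustration, not code from eFiction or from any of the references; it models that weak check beside a hardened upload decision (extension allowlist, content signature that must match the claimed extension, and a server-chosen storage name). All function names and the sample uploads are constructed for this example.

```python
import os
import secrets

# Extension allowlist mapped to the magic bytes each format must begin with.
# Constructed for this example; the mapping is not taken from eFiction.
ALLOWED = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}


def has_image_header(data: bytes) -> bool:
    """The weak check: does the content start with *any* known image signature?"""
    return any(data.startswith(m) for magics in ALLOWED.values() for m in magics)


def vulnerable_upload(filename: str, data: bytes):
    """Model of the flawed flow described in the advisory (hypothetical, for contrast).

    The submitted filename is kept verbatim, so a file named x.php whose content
    merely begins with a GIF header is stored as x.php inside the web root.
    Returns the stored filename, or None if the content has no image header.
    """
    if not has_image_header(data):
        return None
    return filename


def hardened_upload(filename: str, data: bytes):
    """Defensive decision: returns (stored_name, reason).

    1. The final extension must be in the allowlist (case-insensitive).
    2. The content signature must match *that* extension, not just any image.
    3. The stored name is generated server-side, so neither the submitted base
       name nor any earlier extension (e.g. 'a.php.gif') reaches the filesystem.
    """
    base = os.path.basename(filename)
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED:
        return None, "extension not in allowlist"
    if not any(data.startswith(m) for m in ALLOWED[ext]):
        return None, "content signature does not match extension"
    stored = f"{secrets.token_hex(8)}.{ext}"  # 16 hex chars + '.' + ext
    return stored, "accepted"


if __name__ == "__main__":
    # Constructed sample: a GIF header followed by a PHP open tag and nothing else.
    crafted = b"GIF89a" + b"<?php /* constructed placeholder */ ?>"
    print("vulnerable:", vulnerable_upload("avatar.php", crafted))   # avatar.php
    print("hardened:  ", hardened_upload("avatar.php", crafted))     # (None, ...)
    print("hardened:  ", hardened_upload("Photo.GIF", b"GIF89a" + b"\x00" * 16))
```

The stored name alone does not make the upload directory safe: it should also be served without a script handler (or from outside the web root), since an allowlisted `.gif` that the web server is configured to interpret as PHP would still execute. The two checks together close the specific gap the CVE text names, where a GIF header satisfied the image validity check while the `.php` extension was retained.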
Platforms Affected:
- eFiction eFiction 1.0
- eFiction eFiction 1.1
- eFiction eFiction 2.0
Reported:
Nov 25, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
