PmWiki index.php and pmwiki.php path disclosure

pmwiki-path-disclosure (24366) The risk level is classified as LowLow Risk

Description:

PmWiki is could allow a remote attacker to obtain sensitive information, caused by a vulnerability in PHP5 regarding improper validation of the $GLOBALS variable. If register_globals is enabled, a remote attacker could exploit this vulnerability by sending a specially-crafted URL request to the index.php or pmwiki.php script, which would cause an error message to be returned containing the full installation path.


Consequences:

Obtain Information

Remedy:

Upgrade to the latest version of PmWiki (2.1 beta 21 or later), available from the PmWiki Web site. See References.

References:

  • Full-Disclosure Mailing List, Sat Jan 28 2006 - 14:07:16 CST: PmWiki Multiple Vulnerabilities.
  • PmWiki Web site: Download.
  • ush.it - a beautiful place, January 24, 2006 : PmWiki Multiple Vulnerabilities.
  • BID-16421: PmWiki Multiple Input Validation Vulnerabilities
  • CVE-2006-0479: pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS).
  • SA18634: PmWiki Unregister "register_globals" Layer Bypass
  • SECTRACK ID: 1015550: PmWiki Include File Bug Lets Remote Users Execute Arbitrary Code and Input Validation Bugs Permit Cross-Site Scripting, and Path Disclosure Attacks
  • VUPEN/ADV-2006-0375: PmWiki Multiple Script GLOBALS Array Handling Remote Vulnerabilities

Platforms Affected:

  • Patrick R. Michaud PmWiki 2.1 b20

Reported:

Jan 28, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page