PMB Services multiple scripts file include
pmbservices-multiple-scripts-file-include (32890)
Description:
PMB Services could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request to multiple scripts to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server.
Note: The following scripts and parameters are affected by this vulnerability:
- includes/resa_func.inc.php using the class_path parameter
- includes/bull_info.inc.php using the include_path parameter
- includes/options/options_date_box.php using the include_path parameter
- includes/options/options_file_box.php using the include_path parameter
- includes/options/options_list.php using the include_path parameter
- includes/options/options_query_list.php using the include_path parameter
- includes/options/options_text.php using the include_path parameter
- includes/options_empr/options.php using the include_path parameter
- includes/options_empr/options_comment.php using the include_path parameter
- includes/options_empr/options_date_box.php using the include_path parameter
- includes/options_empr/options_list.php using the include_path parameter
- includes/options_empr/options_query_list.php using the include_path parameter
- includes/options_empr/options_text.php using the include_path parameter
- admin/import/iimport_expl.php using the include_path parameter
- admin/netbase/clean.php using the include_path parameter
- admin/notices/perso.inc.php using the class_path parameter
- admin/quotas/main.inc.php using the class_path parameter
- admin/param/param_func.inc.php using the include_path parameter
- admin/sauvegarde/lieux.inc.php using the include_path parameter
- opac_css/rec_panier.php using the base_path parameter
- opac_css/includes/author_see.inc.php using the base_path parameter
- autorites.php using the include_path parameter
- account.php using the include_path parameter
- cart.php using the include_path parameter
- edit.php using the include_path parameter
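The bug class behind every entry above is an include whose directory prefix comes from a variable that a request can set. The following is an added, constructed illustration of that pattern and of the hardened form; it is not PMB's source code, and the file name, the PMB_ENTRY_POINT marker constant and the misc.inc.php target are hypothetical.

```php
<?php
// Added example (constructed): the variable-path include pattern behind
// this advisory and a hardened version. NOT PMB's code; names are made up.

// --- Vulnerable pattern (shown for explanation only) ---------------------
// An include file expects the script that includes it to have set
// $include_path. If the file is requested directly and PHP runs with
// register_globals=On, the query string ?include_path=<URL> defines the
// variable instead. Before PHP 5.2, allow_url_fopen=On (the default) also
// let include/require fetch http:// paths, so the server would download
// and execute whatever the URL served.
//
//   require_once($include_path . "/misc.inc.php");

// --- Hardened pattern ---------------------------------------------------
// 1. Refuse direct requests. The legitimate entry script defines a marker
//    constant (hypothetical name) before including this file; a bare GET
//    of the include file therefore stops here.
if (!defined('PMB_ENTRY_POINT')) {
    header('HTTP/1.0 403 Forbidden');
    exit;
}

// 2. Never build an include path from request data. Anchor it to this
//    file's own location on disk. dirname(__FILE__) is used rather than
//    __DIR__ because __DIR__ only exists from PHP 5.3 onward.
$include_path = dirname(__FILE__);
require_once $include_path . '/misc.inc.php';

// 3. Defence in depth in php.ini, independent of the application code:
//      register_globals  = Off   ; request parameters never become globals
//      allow_url_include = Off   ; PHP >= 5.2: no http:// in include/require
```

Step 1 is the check that matters for the listed *.inc.php files, which are never meant to be requested by a browser at all; step 2 removes the attacker-controlled prefix from every include regardless of server configuration.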
Platforms Affected:
- PMB Services, PMB Services 3.0.13 and prior
Remedy:
Upgrade to the latest version of PMB (3.0.15 or later), available from the PMB Services Web site. See References.
Consequences:
Gain Access
References:
- BugTraq Mailing List, Sat Mar 10 2007 - 06:17:42 CST, [ECHO_ADV_68$2007] PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability at http://archives.neohapsis.com/archives/bugtraq/2007-03/0101.html.
- PMB Services Web site, PMB at http://www.sigb.net/download.php.
- PMB Services Web site, PMB at http://www.sigb.net/.
- BID-22895: PMB Multiple Remote File Include Vulnerabilities
- CVE-2007-1415: Multiple PHP remote file inclusion vulnerabilities in PMB Services 3.0.13 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path parameter to (a) includes/resa_func.inc.php (b) admin/notices/perso.inc.php, or (c) admin/quotas/main.inc.php; the (2) base_path parameter to (d) opac_css/rec_panier.php or (e) opac_css/includes/author_see.inc.php; or the (3) include_path parameter to (f) bull_info.inc.php or (g) misc.inc.php in includes/; (h) options_date_box.php, (i) options_file_box.php, (j) options_list.php, (k) options_query_list.php, or (l) options_text.php in includes/options/; (m) options.php, (n) options_comment.php, (o) options_date_box.php, (p) options_list.php, (q) options_query_list.php, or (r) options_text.php in includes/options_empr/; or (
- FrSIRT/ADV-2007-0917: PMB Multiple Parameter Handling Remote File Inclusion and Code Execution Vulnerabilities
- OSVDB ID: 35101: PMB Services includes/resa_func.inc.php class_path Variable Remote File Inclusion
- OSVDB ID: 35102: PMB Services includes/bull_info.inc.php include_path Variable Remote File Inclusion
- OSVDB ID: 35103: PMB Services includes/options/options_date_box.php include_path Variable Remote File Inclusion
- OSVDB ID: 35104: PMB Services includes/options/options_file_box.php include_path Variable Remote File Inclusion
- OSVDB ID: 35105: PMB Services includes/options/options_list.php include_path Variable Remote File Inclusion
- OSVDB ID: 35106: PMB Services includes/options/options_query_list.php include_path Variable Remote File Inclusion
- OSVDB ID: 35107: PMB Services includes/options/options_text.php include_path Variable Remote File Inclusion
- OSVDB ID: 35108: PMB Services includes/options_empr/options.php include_path Variable Remote File Inclusion
- OSVDB ID: 35109: PMB Services includes/options_empr/options_comment.php include_path Variable Remote File Inclusion
- OSVDB ID: 35110: PMB Services includes/options_empr/options_date_box.php include_path Variable Remote File Inclusion
- OSVDB ID: 35111: PMB Services includes/options_empr/options_list.php include_path Variable Remote File Inclusion
- OSVDB ID: 35112: PMB Services includes/options_empr/options_query_list.php include_path Variable Remote File Inclusion
- OSVDB ID: 35113: PMB Services includes/options_empr/options_text.php include_path Variable Remote File Inclusion
- OSVDB ID: 35114: PMB Services admin/import/iimport_expl.php include_path Variable Remote File Inclusion
- OSVDB ID: 35115: PMB Services admin/netbase/clean.php include_path Variable Remote File Inclusion
- OSVDB ID: 35116: PMB Services admin/notices/perso.inc.php class_path Variable Remote File Inclusion
- OSVDB ID: 35117: PMB Services admin/quotas/main.inc.php class_path Variable Remote File Inclusion
- OSVDB ID: 35118: PMB Services admin/param/param_func.inc.php include_path Variable Remote File Inclusion
- OSVDB ID: 35119: PMB Services admin/sauvegarde/lieux.inc.php include_path Variable Remote File Inclusion
- OSVDB ID: 35120: PMB Services opac_css/rec_panier.php base_path Variable Remote File Inclusion
- OSVDB ID: 35121: PMB Services opac_css/includes/author_see.inc.php base_path Variable Remote File Inclusion
- OSVDB ID: 35122: PMB Services autorites.php include_path Variable Remote File Inclusion
- OSVDB ID: 35123: PMB Services account.php include_path Variable Remote File Inclusion
- OSVDB ID: 35124: PMB Services cart.php include_path Variable Remote File Inclusion
- OSVDB ID: 35125: PMB Services edit.php include_path Variable Remote File Inclusion
Reported:
Mar 09, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.