P-News Multiple Vulnerabilities

Secunia Advisory: SA23103
Release Date: 2006-11-29
Last Update: 2007-03-06
Popularity: 4,136 views
Critical: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: P-News 2.x
CVE reference: CVE-2006-6888, CVE-2006-7113, CVE-2006-7114
Description: A security issue and a vulnerability have been discovered in P-News, which can be exploited by malicious people to disclose sensitive information and by malicious users to compromise a vulnerable system.
1) The security issue is caused by improper restrictions on "db/user.txt", which can be exploited to disclose certain sensitive information, e.g. usernames and MD5 hashes of passwords.
2) The profile editor does not check the file extension of uploaded avatars. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP file as an avatar.
The security issue and the vulnerability are confirmed in version 2.0. Other versions may also be affected.
Solution: Restrict access to db/user.txt and edit the source code to ensure that file extensions are properly checked.
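One way to implement the extension check named in the Solution, as an added example that is not P-News code and not part of the advisory. The function name `store_avatar`, the size limit and the directory argument are assumptions; the handler checks the client-supplied extension against an allowlist, confirms the content parses as an accepted image type, and stores the file under a server-chosen name:

```php
<?php
// Added example, not P-News code. Names and limits below are assumptions.

const AVATAR_MAX_BYTES = 102400;                       // assumed limit: 100 KiB
const AVATAR_EXTS      = ['gif', 'jpg', 'jpeg', 'png']; // accepted client extensions

// Accepted image types (detected from file content) mapped to the
// extension the stored file receives.
const AVATAR_TYPES = [
    IMAGETYPE_GIF  => 'gif',
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
];

// $upload is one entry of $_FILES; returns the stored file name.
function store_avatar(array $upload, string $avatarDir): string
{
    $tmp = $upload['tmp_name'] ?? '';
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($tmp)) {
        throw new RuntimeException('upload failed');
    }
    if (filesize($tmp) > AVATAR_MAX_BYTES) {
        throw new RuntimeException('avatar too large');
    }

    // 1. Extension check: only the final extension counts, compared
    //    case-insensitively against the allowlist.
    $ext = strtolower(pathinfo($upload['name'] ?? '', PATHINFO_EXTENSION));
    if (!in_array($ext, AVATAR_EXTS, true)) {
        throw new RuntimeException('extension not allowed');
    }

    // 2. Content check: the file must parse as one of the accepted types.
    $info = @getimagesize($tmp);
    if ($info === false || !array_key_exists($info[2], AVATAR_TYPES)) {
        throw new RuntimeException('not a supported image');
    }

    // 3. Never reuse the client's file name: the server picks both the
    //    name and the extension, so the stored file cannot end in .php.
    $name = bin2hex(random_bytes(16)) . '.' . AVATAR_TYPES[$info[2]];
    if (!move_uploaded_file($tmp, rtrim($avatarDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store avatar');
    }
    return $name;
}
```

The content check alone does not rule out a valid image that also carries PHP text, so the server-chosen extension is what keeps the stored file from being interpreted; configuring the web server not to execute scripts in the avatar directory adds a second layer.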
Provided and/or discovered by: 1) Lu7k
2) Gummiente
Changelog: 2007-01-10: Added CVE reference.
2007-03-06: Added CVE reference.
Original Advisory: http://milw0rm.com/exploits/2862

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.