Kw3[R]Ln has discovered some vulnerabilities in various Pearl products, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "GlobalSettings[templatesDirectory]" and "Document[languagePreference]" parameters in various scripts in the "includes" directory isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

The following scripts are affected:
* adminAttachments.php
* adminAvatars.php
* adminBackupdatabase.php
* adminBanned.php
* adminBoards.php
* adminDocumentation.php
* adminEmails.php
* adminErrorlogs.php
* adminForums.php
* adminGroups.php
* adminMembers.php
* adminPolls.php
* adminReserved.php
* adminSensored.php
* adminSettings.php
* adminSmileys.php
* help.php
* locale.php
* login.php
* members.php
* merge.php
* move.php
* notify.php
* password.php
* password.php
* poll.php
* post.php
* profile.php
* register.php
* search.php
* split.php
* terms.php
* topics.php

Successful exploitation requires that "register_globals" is enabled.

The vulnerabilities have been confirmed in the following products:
* Ngoc Biec 1.4
* Pearl For Biz 2.4
* Pearl For Mambo 1.6 (module for Mambo)
* Pearl Forums 2.4

Other versions may also be affected.

Solution
Edit the source code to ensure that input is properly verified.
Further details available in Customer Area

Provided and/or discovered by
Kw3[R]Ln, Romanian Security Team

Additional information provided by zero, Moroccan Security Team.

Changelog
Further details available in Customer Area

Original Advisory
http://milw0rm.com/exploits/1956

Deep Links
Links available in Customer Area