|
| From: | nobody |
| Subject: | [Phpgroupware-tracker] [bug #4385] arbitrary PHP code or system commands execution |
| Date: | Sun, 20 Jul 2003 14:58:20 -0400 |
| User-agent: | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
=================== BUG #4385: FULL BUG SNAPSHOT =================== http://savannah.gnu.org/bugs/?func=detailbug&bug_id=4385&group_id=509 Submitted by: cyon Project: phpGroupWare Submitted on: Sun 07/20/2003 at 18:58 Category: API - phpGWapi Bug Group: 0.9.14.004/5 release Severity: 5 - Major Priority: Immediate Resolution: None Assigned to: None Status: Open Component Version: TGZ Platform Version: Linux - RedHat Reproducibility: Every Time Summary: arbitrary PHP code or system commands execution Original Submission: Here is limited information on the secuirty risk. Wasn't sure if this bug submittion was made public. Description: /phpgwapi/setup/tables_update.inc.php allows anyone to execute arbitrary PHP code or system commands with privileges of web server. A user can easily include remote PHP files to be parsed. Phil - address@hidden No Followups Have Been Posted CC list is empty No files currently attached For detailed info, follow this link: http://savannah.gnu.org/bugs/?func=detailbug&bug_id=4385&group_id=509 _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/
| [Prev in Thread] | Current Thread | [Next in Thread] |