[Phpgroupware-tracker] [bug #4385] arbitrary PHP code or system commands
From: nobody
Subject: [Phpgroupware-tracker] [bug #4385] arbitrary PHP code or system commands execution
Date: Mon, 21 Jul 2003 11:55:39 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030626
=================== BUG #4385: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=4385&group_id=509
Changes by: Ralf Becker <address@hidden>
Date: Mon 07/21/2003 at 17:55 (Europe/Berlin)
What | Removed | Added
---------------------------------------------------------------------------
Resolution | None | Fixed
Assigned to | None | ralfbecker
Status | Open | Closed
------------------ Additional Follow-up Comments ----------------------------
This has been fixed in CVS and should be available in the next
release.
=================== BUG #4385: FULL BUG SNAPSHOT ===================
Submitted by: cyon                     Project: phpGroupWare
Submitted on: Sun 07/20/2003 at 20:58
Category: API - phpGWapi               Bug Group: 0.9.14.004/5 release
Severity: 5 - Major                    Priority: Immediate
Resolution: Fixed                      Assigned to: ralfbecker
Status: Closed                         Component Version: TGZ
Platform Version: Linux - RedHat       Reproducibility: Every Time
Summary: arbitrary PHP code or system commands execution
Original Submission: Here is limited information on the security risk. Wasn't
sure if this bug submission was made public.
Description:
/phpgwapi/setup/tables_update.inc.php allows anyone to
execute arbitrary PHP code or system commands with
the privileges of the web server. A user can easily include
remote PHP files to be parsed.
Phil - address@hidden
Follow-up Comments
*******************
-------------------------------------------------------
Date: Mon 07/21/2003 at 17:55 By: ralfbecker
This has been fixed in CVS and should be available in the next
release.
CC list is empty
No files currently attached
For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=4385&group_id=509
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/