Multiple vulnerabilities reported in Really Simple PHP and Ajax
Filed in archive AJAX on April 5, 2007
Hamid Ebadi has identified multiple vulnerabilities in Really Simple PHP and Ajax (RSPA) that attackers could exploit to execute arbitrary commands. The issues are rated high risk and can be exploited remotely.
The first security issue is caused by input validation errors in the framework/Controller_v5.php and framework/Controller_v4.php scripts when processing the _IncludeFilePHPClass and _ClassPath parameters, which remote attackers could exploit to include malicious scripts and execute arbitrary commands. The second is caused by input validation errors in the same two scripts when processing the __class parameter, which remote attackers could exploit to include or disclose the contents of local files with the privileges of the web server.
RSPA 2007-03-23 and earlier versions are affected. No details are available as of now regarding an official patch.
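With no patch available, one thing a defender can do is review web server logs for requests that pass path-like or URL-like values in the three parameters named above. The following is an added example, not code from the advisory or from RSPA; it assumes the parameters arrive in the query string of a combined-format access log, and the log lines, the `/rspa/` install prefix and the `Demo` class name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script paths and parameter names as listed in the advisory.
SCRIPTS = ("framework/Controller_v5.php", "framework/Controller_v4.php")
INCLUDE_PARAMS = {"_IncludeFilePHPClass", "_ClassPath", "__class"}

# Assumption: a value with a scheme or drive prefix, a parent-directory step,
# an absolute path or a NUL byte is not a legitimate class name or class path.
SUSPICIOUS = re.compile(r"^[a-z][a-z0-9+.\-]*:|\.\.[\\/]|^[\\/]|\x00", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (not taken from any real system).
SAMPLE_LOG = [
    '198.51.100.7 - - [05/Apr/2007:10:00:01 +0000] "GET /rspa/framework/Controller_v5.php?__class=Demo HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Apr/2007:10:00:02 +0000] "GET /rspa/framework/Controller_v4.php?_ClassPath=http://host.invalid/ HTTP/1.1" 200 87',
    '198.51.100.7 - - [05/Apr/2007:10:00:03 +0000] "GET /rspa/framework/Controller_v5.php?__class=..%2F..%2Fsome%2Ffile HTTP/1.1" 200 90',
    '198.51.100.7 - - [05/Apr/2007:10:00:04 +0000] "GET /index.php?__class=..%2Fx HTTP/1.1" 200 10',
]


def flag_request(log_line):
    """Return [(param, decoded_value), ...] for suspicious include parameters."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith(SCRIPTS):
        return []
    hits = []
    # parse_qs percent-decodes values, so encoded separators are caught too.
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name in INCLUDE_PARAMS:
            hits += [(name, v) for v in values if SUSPICIOUS.search(v)]
    return hits


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for name, value in flag_request(line):
            print(f"suspicious {name}={value!r} in: {line}")
```

Parameters sent in a POST body do not appear in an access log, so this check covers query-string requests only.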

