
Multiple vulnerabilities reported in Really Simple PHP and Ajax

Filed in archive AJAX on April 5, 2007

Hamid Ebadi has identified multiple vulnerabilities in Really Simple PHP and Ajax (RSPA) that attackers could exploit to execute arbitrary commands. The issues are rated high risk and can be exploited remotely.

The first security issue stems from input validation errors in the framework/Controller_v5.php and framework/Controller_v4.php scripts when processing the _IncludeFilePHPClass and _ClassPath parameters, which remote attackers could exploit to include malicious scripts and execute arbitrary commands. The second stems from input validation errors in the same two scripts when processing the __class parameter, which remote attackers could exploit to include or disclose the contents of local files with the privileges of the web server.

RSPA 2007-03-23 and earlier versions are affected. No details are available as of now regarding an official patch.
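
With no official patch reported, one stopgap is to reject any request to the two controller scripts whose flagged parameters carry a value the application does not itself send. The PHP guard below is an added example, not RSPA code or a vendor fix; the allowlist entries are hypothetical placeholders, and it assumes the parameters arrive through `$_GET`, `$_POST` or `$_COOKIE`.

```php
<?php
// Added example, not RSPA code: request guard to load ahead of the RSPA
// controllers, e.g. through the auto_prepend_file directive in php.ini.

// Scripts named in the advisory.
const GUARDED_SCRIPTS = ['Controller_v4.php', 'Controller_v5.php'];

// Parameters named in the advisory, mapped to the exact values your own pages
// send. Assumption: the entries below are hypothetical placeholders; replace
// them with the values your application really uses.
const ALLOWED_VALUES = [
    '_IncludeFilePHPClass' => ['example_class.php'],
    '_ClassPath'           => ['classes/'],
    '__class'              => ['ExampleClass'],
];

/**
 * Return the names of guarded parameters whose value is not on the allowlist.
 * $sources is a list of request arrays ($_GET, $_POST, $_COOKIE).
 */
function rspa_rejected_params(array $sources, array $allowed): array
{
    $rejected = [];
    foreach ($sources as $params) {
        foreach ($allowed as $name => $values) {
            if (!array_key_exists($name, $params)) {
                continue;
            }
            // Array-valued parameters (name[]=...) are never valid here, and
            // the comparison is strict so no type juggling can slip through.
            $value = $params[$name];
            if (!is_string($value) || !in_array($value, $values, true)) {
                $rejected[$name] = true;
            }
        }
    }
    return array_keys($rejected);
}

$script = basename($_SERVER['SCRIPT_FILENAME'] ?? '');
if (in_array($script, GUARDED_SCRIPTS, true)) {
    $bad = rspa_rejected_params([$_GET, $_POST, $_COOKIE], ALLOWED_VALUES);
    if ($bad !== []) {
        // Log parameter names only; the rejected values are untrusted input.
        error_log('RSPA guard: rejected ' . implode(', ', $bad)
            . ' from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        http_response_code(400);
        exit('Bad request');
    }
}
```

The guard covers only values that reach the scripts through those three request arrays, so it reduces exposure rather than replacing a fix in the controller code itself.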

