Filed in archive
AJAX
by gautam on April 5, 2007

The first security issue is due to input validation errors in framework/Controller_v5.php and framework/Controller_v4.php scripts while processing of _IncludeFilePHPClass and _ClassPath parameters which remote attackers could exploit for inclusion of malicious scripts and execution of arbitrary commands. The second one is caused due to input validation errors in the framework/Controller_v5.php and framework/Controller_v4.php scripts while processing of the __class parameter which remote hackers could exploit for including or disclosing the local file contents with the privileges of the web server.
RSPA 2007-03-23 and earlier versions have been affected by the vulnerability. No details are available as of now regarding any official patch for plugging the hole.
Trackback: http://publish.creative-weblogging.com/publish/mt-tb.pl/61744
Mr Wong
Vote for Multiple vulnerabilities reported in Really Simple PHP and Ajax:
|
Rating: 8.67 out of 3 vote(s) cast.
|
Subscribe
Use the search to look for other interesting posts
| RSS | See all blog subscribe options |
|
What is RSS? | |
| Yahoo! |
|
| Addthis |
|
| Bloglines |
|
| Newsletter | |
| Follow us on Twitter! |










