There is an input validation vulnerability in phpSecurePages that may allow a remote intruder to execute arbitrary code with the privileges of the running web server.
phpSecurePages is a tool for password protecting portions of websites on PHP enabled webservers. The vulnerability occurs because phpSecurePages makes insecure calls to the PHP function include(). For more detailed information, please see the Secure Reality Advisory.
A remote intruder can execute arbitrary code on the target host with the privileges of the web server.
Versions up to and including Beta 2.4 suffer from this vulnerability. Upgrade to a version above 1.0.5 from http://www.phpsecurepages.com/.
This vulnerability was discovered by Shaun Clowes <firstname.lastname@example.org> and was reported to the Bugtraq mailing list on July 03, 2001.
This document was written by Ian A. Finlay.
|Date First Published:||2001-08-09|
|Date Last Updated:||2004-07-28 15:17 UTC|