2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities

Summary
This host is running 2532-Gigs and is prone to Directory Traversal and SQL Injection Vulnerabilities.
Impact
Successful exploitation will allow attacker to cause directory traversal or SQL injection attacks, and can execute arbitrary code when register_globals is enabled and magic_quotes_gpc is disabled. Impact level: System/Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
- Vulnerability exists in activateuser.php, manage_venues.php, mini_calendar.php, deleteuser.php, settings.php, and manage_gigs.php files when input passed to the 'language' parameter is not properly verified before being used to include files via a .. (dot dot). - Input passed to the 'username' and 'password' parameters in checkuser.php is not properly sanitised before being used in SQL queries. - Error in upload_flyer.php which can be exploited by uploading a file with an executable extension, then accessing it via a direct request to the file in flyers/.
Affected
2532-Gigs version 1.2.2 and prior.
References

Updated on 2017-03-28