Summary
The remote web server contains a PHP script that is prone to file inclusion flaws.
Description
phpDocumentor is an automatic documentation generator for PHP.
The remote host appears to be running the web-interface of phpDocumentor.
This version does not properly sanitize user input in the 'file_dialog.php' file and in a test file called 'bug-559668.php'. An attacker can include remote files, execute arbitrary commands on the remote system, and display the content of sensitive files.
This flaw is exploitable if PHP's 'register_globals' setting is enabled.
Solution
Disable PHP's 'register_globals' setting.
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2005-4593
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AIOCP 'cp_html2xhtmlbasic.php' Remote File Inclusion Vulnerability
- Advanced Guestbook Index.PHP SQL Injection Vulnerability
- Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
- Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
- Alchemy Eye HTTP Command Execution