ProjectButler PHP Remote File Inclusion Vulnerability Network Vulnerability

Summary

This host is installed with ProjectButler and is prone to PHP Remote File Inclusion vulnerability.

Impact

Attacker can exploit this issue to execute remote PHP code by passing the mailicious URL into the 'offset' parameter. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The input passed into the 'pda_projects.php' script is not sufficiently sanitized before being returned to the user.

Affected

ProjectButler version 1.5.0 and prior.

References

http://heapoverflow.com/f0rums/sitemap/t-17452.html

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-2791

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe ColdFusion Information Disclosure Vulnerability
Adobe ColdFusion Multiple Vulnerabilities-01 May-2014
Admin News Tools Multiple Vulnerabilities
Artifectx xClassified 'catid' SQL Injection Vulnerability
AdMentor Login Flaw

Take action and discover your vulnerabilities