Secunia Security Advisory - Aliaksandr Hartsuyeu has discovered some vulnerabilities in PHP Pro Publish, which can be exploited by malicious people to conduct SQL injection attacks and by malicious users to compromise a vulnerable system.
75ded63352ed539683c514d6078216229cc178e0d5c0e75a975506b3f05e7da6
TITLE:
PHP Pro Publish SQL Injection Vulnerabilities
SECUNIA ADVISORY ID:
SA19882
VERIFY ADVISORY:
http://secunia.com/advisories/19882/
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data
WHERE:
>From remote
SOFTWARE:
PHP Pro Publish 2.x
http://secunia.com/product/9634/
DESCRIPTION:
Aliaksandr Hartsuyeu has discovered some vulnerabilities in PHP Pro
Publish, which can be exploited by malicious people to conduct SQL
injection attacks and by malicious users to compromise a vulnerable
system.
1) Input passed to the "email" and "password" parameters in
admin/login.php, to the "find_str" parameter in search.php, and to
the "catid" parameter in cat.php isn't properly sanitised before
being used in a SQL query. This can be exploited to manipulate SQL
queries by injecting arbitrary SQL code.
Successful exploitation of certain parameters requires that
"magic_quotes_gpc" is disabled.
2) It is possible for the administrative user to inject arbitrary PHP
code into the set_inc.php file via specially-crafted input in the
"Settings" page.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
The vulnerabilities have been confirmed in version 2.0. Other
versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
Aliaksandr Hartsuyeu
ORIGINAL ADVISORY:
http://evuln.com/vulns/131/summary.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------