Secunia Security Advisory 20847

Secunia Security Advisory 20847: Posted Jun 29, 2006; Authored by Secunia | Site secunia.com; Secunia Security Advisory - Kurdish Security has discovered a vulnerability in MF Piadas, which can be exploited by malicious users to compromise a vulnerable system.; tags | advisory; SHA-256 | d19a0d903fdb2d35be63ec9338bcc212c13b2102e032344a666d082573614703; Download | Favorite | View

Secunia Security Advisory 20847



----------------------------------------------------------------------

Want to join the Secunia Security Team?

Secunia offers a position as a security specialist, where your daily
work involves reverse engineering of software and exploit code,
auditing of source code, and analysis of vulnerability reports.

http://secunia.com/secunia_security_specialist/

----------------------------------------------------------------------

TITLE:
MF Piadas "page" Parameter File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA20847

VERIFY ADVISORY:
http://secunia.com/advisories/20847/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
MF Piadas 1.x
http://secunia.com/product/10666/

DESCRIPTION:
Kurdish Security has discovered a vulnerability in MF Piadas, which
can be exploited by malicious users to compromise a vulnerable
system.

Input passed to the "page" parameter in admin/admin.php isn't
properly verified, before it is used to include files. This can be
exploited to include arbitrary files from external and local
resources.

Successful exploitation requires administrative privileges.

The vulnerability has been confirmed in version 1.0. Other versions
may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
Kurdish Security

ORIGINAL ADVISORY:
http://kurdishsecurity.blogspot.com/2006/06/kurdish-security-10-mf-piadas-10.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Top Authors In Last 30 Days

Red Hat 308 files
Ubuntu 67 files
Debian 24 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,133)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,177)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,160)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,495)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,025)
UNIX (9,482)
UnixWare (188)
Windows (6,786)
Other

Secunia Security Advisory 20847

Secunia Security Advisory 20847

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Secunia Security Advisory 20847

Share This

Secunia Security Advisory 20847

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems