========================================================================
phpAdsNew / phpPgAds security advisory             PHPADSNEW-SA-2005-001
------------------------------------------------------------------------
Advisory ID:           PHPADSNEW-SA-2005-001
Date:                  2005-Aug-17
Security risk:         highly critical
Applications affected: phpAdsNew, phpPgAds
Versions affected:     <= 2.0.5
Versions not affected: >= 2.0.6
========================================================================

========================================================================
Vulnerability 1:  arbitrary PHP code execution
------------------------------------------------------------------------
Impact:           system access
Where:            from remote
========================================================================

Description
-----------
Stefan Esser of the Hardened-PHP Project reported a serious
vulnerability in the third-party XML-RPC library included with
phpAdsNew and phpPgAds. An attacker could execute arbitrary PHP code on
a vulnerable site.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.6.

References
----------
http://www.hardened-php.net/advisory_152005.67.html

========================================================================
Vulnerability 2:  local file inclusion
------------------------------------------------------------------------
Impact:           system access
Where:            from remote
========================================================================

Description
-----------
Maksymilian Arciemowicz of the securityreason.com team reported a local
file inclusion vulnerability in phpAdsNew and phpPgAds, caused by
missing sanitization of a GET variable.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.6.

References
----------
[phpAdsNew 2.0.5 Local file inclusion cXIb8O3.16]
http://www.securityreason.com/

========================================================================
Vulnerability 3:  SQL injection
------------------------------------------------------------------------
Impact:           application admin access (+ potential system access)
Where:            from remote
========================================================================

Description
-----------
Pine Digital Security reported an SQL injection vulnerability in
phpAdsNew and phpPgAds, caused by missing sanitization of the clientid
GET variable.
The vulnerability seems to be exploitable with MySQL 4.1+ or PostgreSQL
to obtain administrator access to the application. Depending on the
database user permissions, an attacker could also gain access to the
local filesystem.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.6.

References
----------
http://www.pine.nl/

Contact information
===================

The security contact for phpAdsNew and phpPgAds can be reached at:

Best regards
--
Matteo Beccati
http://phpadsnew.com/
http://phppgads.com/