LAC Advisory


SNS Advisory No.90
PHProjekt gantt module "lib_path" Remote PHP File Inclusion Vulnerability

Discovered on:22 Sep 2006
Released on:29 Sep 2006

Severity:
High

Overview:
PHProjekt 5.1.1 and earlier versions have a vulnerability in processing strings included in URLs. As a result, arbitrary PHP scripts could be executed by requesting URLs that include malicious strings.

Description:
PHProjekt 5.1.1 and earlier versions have a vulnerability in processing the string that specifies a file path (the gantt module's "lib_path" parameter). As a result, arbitrary PHP scripts located on a remote server could be included and executed. For example, an attacker could make the server process a script that runs arbitrary commands, resulting in the execution of arbitrary programs with the permissions of the Web server process.
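The following is an added illustration of the vulnerability class this advisory describes, written for this page and not taken from PHProjekt's source: a module include path built from a request parameter, shown beside a hardened form that maps a request token to an allow-list and confines the resolved path to the application root. The function names, the APP_ROOT constant and the GANTT_LIBS table are assumptions for the example.

```php
<?php
// Added example (not PHProjekt's code): remote file inclusion via a
// request-controlled include path, and a hardened replacement.
// Assumed names: load_gantt_lib_vulnerable, load_gantt_lib_hardened,
// resolve_gantt_lib, APP_ROOT and GANTT_LIBS are illustrative placeholders.

// --- Vulnerable pattern -------------------------------------------------
// The include base directory is taken straight from the request. If PHP is
// allowed to open URLs for include (allow_url_fopen, and on PHP 5.2+
// allow_url_include), a parameter value pointing at a remote server makes
// PHP fetch and execute whatever that server returns.
function load_gantt_lib_vulnerable(array $request): void
{
    $lib_path = $request['lib_path'];      // attacker-controlled string
    include $lib_path . '/gantt_lib.php';  // remote or traversal path accepted
}

// --- Hardened pattern ---------------------------------------------------
// 1. Never derive an include path from request data; the base is a server-side
//    constant.
// 2. If a choice must be exposed, accept only a token and map it to a fixed
//    allow-list of local paths.
// 3. Resolve with realpath() and confirm the result stays under APP_ROOT, so
//    neither URL wrappers nor "../" sequences can redirect the include.
define('APP_ROOT', realpath(__DIR__));

const GANTT_LIBS = [
    'default' => 'lib/gantt',
    'legacy'  => 'lib/gantt_legacy',
];

function resolve_gantt_lib(string $choice): string
{
    if (!array_key_exists($choice, GANTT_LIBS)) {
        throw new InvalidArgumentException('unknown gantt library: ' . $choice);
    }
    $candidate = realpath(APP_ROOT . '/' . GANTT_LIBS[$choice] . '/gantt_lib.php');
    // realpath() returns false for non-existent files and for URL wrappers,
    // and collapses any "../" so the prefix check below is meaningful.
    if ($candidate === false
        || strpos($candidate, APP_ROOT . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('gantt library path escapes application root');
    }
    return $candidate;
}

function load_gantt_lib_hardened(array $request): void
{
    $choice = $request['lib'] ?? 'default';  // a token, never a path
    require resolve_gantt_lib($choice);
}
```

As defense in depth, independent of any single module, setting allow_url_include = Off (PHP 5.2 and later) and, where the application does not need it, allow_url_fopen = Off in php.ini prevents include and require from fetching code over the network even if a path check is missed elsewhere.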

Affected Products and Versions:
PHProjekt 5.1.1 and earlier

Solution:
The vulnerability can be fixed by updating the software to PHProjekt 5.1.2 or later, which is available at:
http://www.phprojekt.com/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=1

Discovered by:
Hiroki Iwai (LAC)

Disclaimer:

The information contained in this advisory may be revised without prior notice and is provided as is. Users shall take their own risk when taking any actions following reading this advisory. Little eArth Corporation Co., Ltd. shall not be held responsible for any claims, losses or damages caused by the use of information provided here.

This advisory is available at the following URL:

http://www.lac.co.jp/english/advisory/90_e.html
