BNLug - SendCard SendCard PHP Local File Include Vulnerability

SendCard SendCard.PHP Local File Include Vulnerability

TITLE: SendCard SendCard.PHP Local File Include Vulnerability
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 04 2007 12:00AM
UPDATE: Jun 04 2007 11:40PM
CREDIT: Silentz is credited with the discovery of this vulnerability.
VULNERABLE:

Sendcard Sendcard 3.4.1
Sendcard Sendcard 3.4
Sendcard Sendcard 3.3
Sendcard Sendcard 3.2.3
Sendcard Sendcard 3.2.2
Sendcard Sendcard 3.2.1
Sendcard Sendcard 3.2

NOT VULNERABLE:

Vai alla pagina originale su Security Focus

Discussion

Sendcard is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

This issue affects Sendcard 3.4.1; prior versions are also affected.

Exploit

Attackers can use a browser to exploit this issue.

The following exploit is available:

/data/vulnerabilities/exploits/24308.php

Solution

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.

References

References:

Sendcard Homepage (Sendcard)

SendCard SendCard.PHP Local File Include Vulnerability

Discussion

Exploit

Solution

References

PhpLog

BNLug Benevento Linux Users Group

Menu Principale

Staff

Partner

Link