PHPlist, file injection vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: PHPlist, file injection vulnerability
From: Michiel Dethmers <secfoc@xxxxxxxxxx>
Date: Fri, 14 Nov 2003 14:50:22 +0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030703

PHPlist, http://www.phplist.com is a popular open source newsletterapplication written in PHP.

Recently a file injection vulnerability has been discovered allowingremote attackers to issue arbitrary commands on the hosted machine, asthe webserver user.The issue has been resolved in the latest release, version 2.6.4available at http://www.phplist.com/files


Versions affected: any version up to 2.6.2

If Apache is used, the following .htacces file in the "admin" directorywill patch the problem for any affected version, provided the serverpermissions allow overriding the relevant directives


<FilesMatch "\.(php|inc)$">
Order allow,deny
deny from all
</FilesMatch>
<FilesMatch "index.php$">
Order allow,deny
allow from all
</FilesMatch>

Michiel Dethmers

Prev by Date: RE: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data
Next by Date: Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data
Previous by thread: Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data
Next by thread: Vulnerability Disclosure Formats (was "Re: Funny article")
Index(es):
- Date
- Thread