<<< Date Index >>>     <<< Thread Index >>>

[PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities



========================================================================
phpAdsNew / phpPgAds security advisory             PHPADSNEW-SA-2005-001
------------------------------------------------------------------------
Advisory ID:           PHPADSNEW-SA-2005-001
Date:                  2005-Aug-17
Security risk:         highly critical
Applications affetced: phpAdsNew, phpPgAds
Versions affected:     <= 2.0.5
Versions not affected: >= 2.0.6
========================================================================


========================================================================
Vulnerability 1:  arbitrary PHP code execution
------------------------------------------------------------------------
Impact:           system access
Where:            from remote
========================================================================

Description
-----------
Stefan Esser of the Hardened-PHP Project reported a serious
vulnerablility in the third-party XML-RPC library included with
phpAdsNew and phpPgAds. An attacker could execute arbitrary PHP code on
a vulnerable site.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.6.

References
----------
http://www.hardened-php.net/advisory_152005.67.html


========================================================================
Vulnerability 2:  local file inclusion
------------------------------------------------------------------------
Impact:           system access
Where:            from remote
========================================================================

Description
-----------
Maksymilian Arciemowicz of the securityreason.com team reported a local
file inclusion vulnerablility in phpAdsNew and phpPgAds, caused by
missing sanitization of a GET variable.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.6.

References
----------
[phpAdsNew 2.0.5 Local file inclusion cXIb8O3.16]
http://www.securityreason.com/


========================================================================
Vulnerability 3:  SQL injection
------------------------------------------------------------------------
Impact:           application admin access (+ potential system access)
Where:            from remote
========================================================================

Description
-----------
Pine Digital Security reported an SQL injection vulnerablility in
phpAdsNew and phpPgAds, caused by missing sanitization of the clientid
GET variable. The vulnerability seems to be exploitable with MySQL 4.1+
or PostgreSQL to obtain administrator access to the application.
Depending on the database user permissions, an attacker could also gain
access to the local filesystem.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.6.

References
----------
http://www.pine.nl/




Contact informations
====================

The security contact for phpAdsNew and phpPgAds can be reached at:
<security AT phpadsnew DOT com>



Best regards
--
Matteo Beccati
http://phpadsnew.com/
http://phppgads.com/