[PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx, phpsec@xxxxxxxxxxx
Subject: [PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities
From: Matteo Beccati <matteo@xxxxxxxxxxx>
Date: Wed, 17 Aug 2005 17:50:19 +0200
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)

========================================================================
phpAdsNew / phpPgAds security advisory             PHPADSNEW-SA-2005-001
------------------------------------------------------------------------
Advisory ID:           PHPADSNEW-SA-2005-001
Date:                  2005-Aug-17
Security risk:         highly critical
Applications affetced: phpAdsNew, phpPgAds
Versions affected:     <= 2.0.5
Versions not affected: >= 2.0.6
========================================================================


========================================================================
Vulnerability 1:  arbitrary PHP code execution
------------------------------------------------------------------------
Impact:           system access
Where:            from remote
========================================================================

Description
-----------
Stefan Esser of the Hardened-PHP Project reported a serious
vulnerablility in the third-party XML-RPC library included with
phpAdsNew and phpPgAds. An attacker could execute arbitrary PHP code on
a vulnerable site.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.6.

References
----------
http://www.hardened-php.net/advisory_152005.67.html


========================================================================
Vulnerability 2:  local file inclusion
------------------------------------------------------------------------
Impact:           system access
Where:            from remote
========================================================================

Description
-----------
Maksymilian Arciemowicz of the securityreason.com team reported a local
file inclusion vulnerablility in phpAdsNew and phpPgAds, caused by
missing sanitization of a GET variable.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.6.

References
----------
[phpAdsNew 2.0.5 Local file inclusion cXIb8O3.16]
http://www.securityreason.com/


========================================================================
Vulnerability 3:  SQL injection
------------------------------------------------------------------------
Impact:           application admin access (+ potential system access)
Where:            from remote
========================================================================

Description
-----------
Pine Digital Security reported an SQL injection vulnerablility in
phpAdsNew and phpPgAds, caused by missing sanitization of the clientid
GET variable. The vulnerability seems to be exploitable with MySQL 4.1+
or PostgreSQL to obtain administrator access to the application.
Depending on the database user permissions, an attacker could also gain
access to the local filesystem.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.6.

References
----------
http://www.pine.nl/




Contact informations
====================

The security contact for phpAdsNew and phpPgAds can be reached at:
<security AT phpadsnew DOT com>



Best regards
--
Matteo Beccati
http://phpadsnew.com/
http://phppgads.com/

Prev by Date: Unicode Buffer Overflow in WinFtp Server 1.6.8
Next by Date: [ GLSA 200508-09 ] bluez-utils: Bluetooth device name validation vulnerability
Previous by thread: Bypassing the new /GS protection in VC++ 7.1
Next by thread: [ GLSA 200508-09 ] bluez-utils: Bluetooth device name validation vulnerability
Index(es):
- Date
- Thread