[PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities
========================================================================
phpAdsNew / phpPgAds security advisory PHPADSNEW-SA-2005-001
------------------------------------------------------------------------
Advisory ID: PHPADSNEW-SA-2005-001
Date: 2005-Aug-17
Security risk: highly critical
Applications affetced: phpAdsNew, phpPgAds
Versions affected: <= 2.0.5
Versions not affected: >= 2.0.6
========================================================================
========================================================================
Vulnerability 1: arbitrary PHP code execution
------------------------------------------------------------------------
Impact: system access
Where: from remote
========================================================================
Description
-----------
Stefan Esser of the Hardened-PHP Project reported a serious
vulnerablility in the third-party XML-RPC library included with
phpAdsNew and phpPgAds. An attacker could execute arbitrary PHP code on
a vulnerable site.
Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.6.
References
----------
http://www.hardened-php.net/advisory_152005.67.html
========================================================================
Vulnerability 2: local file inclusion
------------------------------------------------------------------------
Impact: system access
Where: from remote
========================================================================
Description
-----------
Maksymilian Arciemowicz of the securityreason.com team reported a local
file inclusion vulnerablility in phpAdsNew and phpPgAds, caused by
missing sanitization of a GET variable.
Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.6.
References
----------
[phpAdsNew 2.0.5 Local file inclusion cXIb8O3.16]
http://www.securityreason.com/
========================================================================
Vulnerability 3: SQL injection
------------------------------------------------------------------------
Impact: application admin access (+ potential system access)
Where: from remote
========================================================================
Description
-----------
Pine Digital Security reported an SQL injection vulnerablility in
phpAdsNew and phpPgAds, caused by missing sanitization of the clientid
GET variable. The vulnerability seems to be exploitable with MySQL 4.1+
or PostgreSQL to obtain administrator access to the application.
Depending on the database user permissions, an attacker could also gain
access to the local filesystem.
Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.6.
References
----------
http://www.pine.nl/
Contact informations
====================
The security contact for phpAdsNew and phpPgAds can be reached at:
<security AT phpadsnew DOT com>
Best regards
--
Matteo Beccati
http://phpadsnew.com/
http://phppgads.com/