Signature Detail

Short Name	HTTP:PHP:PHPMYNEWS-INCLUDE
Severity	Medium
Recommended	No
Category	HTTP
Keywords	php phpMyNewsletter include http
Release Date	2003/04/22
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: phpMyNewsletter Insecure File Include

This signature detects attempts to exploit a known vulnerability in phpMyNewsletter. Version 0.6.10 and earlier are vulnerable. phpMyNewsletter does not verify the legitimacy of files included in the customize.php script using the l parameter. Attackers can include a malicious remote file in the customize.php script to execute arbitrary commands on the host.

Extended Description

Remote attackers could exploit this vulnerability to view files on an affected server, or to execute arbitrary commands within the security context of the phpMyNewsLetter process.

References

URL: http://securityvulns.com/docs3583.html
URL: http://www.net-security.org/vuln.php?id=2419
URL: http://www.securiteam.com/unixfocus/6U0011P5QQ.html

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: phpMyNewsletter Insecure File Include

Extended Description

References