CVE-2005-3519

Name of the Vulnerable Software and Affected Versions MySource version 2.14.0

Description The issue allows remote attackers to execute arbitrary PHP code and include arbitrary local files. This is achieved through multiple PHP file inclusion vulnerabilities via the INCLUDE PATH and SQUIZLIB PATH parameters in new upgrade functions.php, the INCLUDE PATH parameter in init mysource.php, and the PEAR PATH parameter in various PHP files, including Socket.php, Request.php, Mail.php, Date.php, Span.php, mimeDecode.php, and mime.php.

Recommendations For MySource version 2.14.0, consider restricting access to the vulnerable parameters INCLUDE PATH, SQUIZLIB PATH, and PEAR PATH until a patch is available. As a temporary workaround, avoid using these parameters in the affected PHP files.