PT-2005-5261 · Php · Phpdocumentor

Rgod

Published

2005-12-31

Updated

2018-10-19

CVE-2005-4593

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions phpDocumentor versions 1.3.0 rc4 and earlier

Description The issue allows remote attackers to execute arbitrary code when register globals is enabled. This can be achieved via a URL in the FORUM[LIB] parameter in "Documentation/tests/bug-559668.php" and the root dir parameter in "docbuilder/file dialog.php".

Recommendations For phpDocumentor versions 1.3.0 rc4 and earlier, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the affected parameters FORUM[LIB] and root dir in the respective files to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-4593

Affected Products

Phpdocumentor

PT-2005-5261 · Php · Phpdocumentor

CVE-2005-4593

Related Identifiers

Affected Products

References · 12