PT-2008-3538 · Phpizabi · Phpizabi

Youcode · Published 2008-04-30 · Updated 2017-09-29 · CVE-2008-2018

CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: PHPizabi version 0.848b C1 HFP3

Description: The issue allows remote authenticated users to obtain sensitive information via a comment containing a macro. This is demonstrated by a "{user.password}" comment in the profile of the admin user, exploiting the AssignUser function in template.class.php, which performs unsafe macro expansions on strings delimited by '{' and '}' characters.

Recommendations: For PHPizabi version 0.848b C1 HFP3, as a temporary workaround, consider restricting access to the AssignUser function in template.class.php until a patch is available. Avoid using the user.password variable in comments to minimize the risk of exploitation.
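The failure mode described above is a template engine that expands {object.field} macros over text that already contains untrusted user input, so a comment author can reach fields the template never intended to expose. The following PHP is an added illustrative example, not PHPizabi's own code: the function names, the %COMMENT% placeholder, the sample data and the macro syntax are all hypothetical, and only the ordering problem and its two mitigations (neutralising braces in untrusted values before substitution, and expanding macros only against an allow-list of public fields) are what the example demonstrates.

```php
<?php
// Added example; hypothetical template engine, not PHPizabi's template.class.php.

// Expand {object.field} macros against $vars. Any field present in $vars
// is reachable, which is the trusting behaviour the advisory describes.
function expandMacros(string $text, array $vars): string
{
    return preg_replace_callback(
        '/\{([A-Za-z_]+)\.([A-Za-z_]+)\}/',
        fn(array $m): string => $vars[$m[1]][$m[2]] ?? $m[0],
        $text
    );
}

// VULNERABLE ORDER: the untrusted comment is spliced into the template first,
// then macros are expanded over the combined string, so a macro typed by the
// comment author is resolved with the same privileges as the template.
function renderProfileUnsafe(string $template, array $vars, string $comment): string
{
    $withComment = str_replace('%COMMENT%', $comment, $template);
    return expandMacros($withComment, $vars);
}

// Mitigation 1: make braces in untrusted text inert before it meets the engine.
// HTML entities keep the comment displaying exactly as typed.
function neutraliseBraces(string $untrusted): string
{
    return str_replace(['{', '}'], ['&#123;', '&#125;'], $untrusted);
}

// Mitigation 2: expose only an allow-list of fields to macro expansion, so even
// a macro that does get through cannot name a secret such as the password hash.
function publicView(array $vars, array $allowList): array
{
    $view = [];
    foreach ($allowList as $object => $fields) {
        foreach ($fields as $field) {
            if (isset($vars[$object][$field])) {
                $view[$object][$field] = $vars[$object][$field];
            }
        }
    }
    return $view;
}

// HARDENED ORDER: expand macros over the trusted template only, against the
// public view, and splice the neutralised comment in afterwards.
function renderProfileSafe(string $template, array $vars, string $comment): string
{
    $expanded = expandMacros($template, publicView($vars, ['user' => ['name']]));
    return str_replace('%COMMENT%', neutraliseBraces($comment), $expanded);
}

// Detection hook for logging/review: does untrusted input carry macro syntax?
function containsMacroSyntax(string $untrusted): bool
{
    return (bool) preg_match('/\{[A-Za-z_]+\.[A-Za-z_]+\}/', $untrusted);
}

// Constructed sample data (not real credentials).
$vars     = ['user' => ['name' => 'admin', 'password' => 'constructed-hash-value']];
$template = "Profile of {user.name}\nComment: %COMMENT%\n";
$comment  = 'Nice profile {user.password}';

echo "--- vulnerable order ---\n" . renderProfileUnsafe($template, $vars, $comment);
echo "--- hardened order ---\n"   . renderProfileSafe($template, $vars, $comment);
echo "comment flagged for review: " . (containsMacroSyntax($comment) ? 'yes' : 'no') . "\n";
```

In the vulnerable order the rendered comment contains the password field's value; in the hardened order the comment is shown literally and the engine could not have resolved user.password anyway because it is absent from the public view. The detection helper is a cheap signal for flagging stored content that carries the engine's macro syntax, which is useful while the temporary workaround above is in place.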

Vulnerability type: Information Disclosure


Weakness Enumeration:

Related Identifiers: CVE-2008-2018

Affected Products: Phpizabi