Title: BXCP Index.PHP Input Validation PHP Script Execution Vulnerability
Severity: MODERATE
Description:
BXCP is a content management web site that is implemented in PHP.
BXCP is reported prone to an access restriction bypass vulnerability. It is reported that due to a lack of input sanitization the 'show' URI parameter passed to the 'index.php' script can be used to render any PHP script that resides on a vulnerable computer.
A remote attacker may exploit this vulnerability to render PHP scripts that are supposed to be restricted, even scripts protected by htaccess rules. This may aid the attacker in further attacks launched against a target computer.
The vulnerability may also be exploited by an attacker that has local access to a target computer to run arbitrary PHP code with the privileges of the web server process.
Affected Products:
- BXCP BXCP 0.2.9 .7
References:
- BXCP: BXCP Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
