J-Security Center

Title: phpGB PHP Code Injection Vulnerability

Severity: HIGH

Description:

phpGB is a PHP/MySQL based guestbook. phpGB is available on all platforms that support PHP, including Unix, Linux, and Microsoft Windows.

phpGB is subject to a PHP code injection vulnerability.

It is possible to inject code into the guestbook configuration file (config.php) by supplying malicious parameters for the savesettings.php script. The configuration file is referenced in most of the other guestbook scripts, so each time one of the scripts is accessed the attacker-supplied PHP code will be executed.

Note that authentication is normally required to access the savesettings.php script; however, the script authenticates only by checking that it was requested via an HTTP POST request and does not further authenticate users.

Injection of improper syntax will result in a denial of service on the entire guestbook, since this will cause an error to occur when the configuration file is interpreted.

It is also possible for an attacker to exploit this condition to execute operating system commands with the privileges of the webserver via PHP code injection.
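
The two weaknesses described above (request values written into config.php as PHP source, and a POST check standing in for authentication) are shown below next to a hardened form. This is an added example, not phpGB's own code; the setting names, session keys and function names are hypothetical.

```php
<?php
// Added example: a hypothetical settings writer, not phpGB's own code.
// Setting names and session keys below are assumptions.
const ALLOWED_SETTINGS = [
    'title'            => 'is_string',
    'entries_per_page' => 'ctype_digit',
];

// Weak pattern: a request value is pasted straight into PHP source text.
function render_config_unsafe(array $in): string {
    return "<?php\n\$title = \"{$in['title']}\";\n";
}

// Hardened: allow-listed keys only, each validated, then serialized with
// var_export() so every value is emitted as one escaped PHP literal.
function render_config_safe(array $in): string {
    $clean = [];
    foreach (ALLOWED_SETTINGS as $key => $validator) {
        if (!isset($in[$key]) || !is_string($in[$key]) || !$validator($in[$key])) {
            throw new InvalidArgumentException("invalid setting: $key");
        }
        $clean[$key] = $in[$key];
    }
    return "<?php\nreturn " . var_export($clean, true) . ";\n";
}

// The HTTP method alone is not authentication: also require a logged-in
// admin session and a matching anti-CSRF token.
function may_save_settings(string $method, array $session, string $csrf): bool {
    return $method === 'POST'
        && !empty($session['is_admin'])
        && isset($session['csrf'])
        && hash_equals((string) $session['csrf'], $csrf);
}

// Constructed sample input: a title containing quotes and a semicolon.
$input = ['title' => 'My "Guest"; book', 'entries_per_page' => '10'];

echo render_config_unsafe($input), "\n"; // quote ends the string early
$safe = render_config_safe($input);
echo $safe;                               // value stays inside one literal

// Round trip: the included file must return exactly what was submitted.
$tmp = tempnam(sys_get_temp_dir(), 'cfg');
file_put_contents($tmp, $safe, LOCK_EX);
var_dump((include $tmp) === $input);
unlink($tmp);

// A bare POST with no session is refused.
var_dump(may_save_settings('POST', [], ''));
```

Storing settings as data (a returned array, or a non-executable format such as JSON kept outside the web root) removes the need to generate PHP source from request input at all.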

Affected Products:

  • phpGB phpGB 1.1.0
  • phpGB phpGB 1.2.0
