漏洞信息详情

PHProjekt未明认证绕过漏洞

漏洞简介

PHProjekt 4.2.1版本及之前版本中的设置程序(setup.php)存在漏洞。远程攻击者可以借助未知的攻击向量来修改系统配置。

漏洞公告

An updated 'setup.php' file is available to resolve this issue. The vendor advises that this file should be unpacked and should be used to replace the 'setup.php' file in the root directory of the installation: http://phprojekt.com/files/4.2/setup.zip Gentoo Linux has released an advisory (GLSA 200412-06) and an updated eBuild to address this vulnerability. As a superuser, Gentoo users are advised to execute the following commands in order to apply these updates: emerge --sync emerge --ask --oneshot --verbose ">=www-apps/phprojekt-4.2-r1" SuSE Linux has released a summary report dealing with this issue. Please see the referenced advisory and contact the vendor for information on obtaining the updated packages.

参考网址

来源: SECUNIA 名称: 13355 链接:http://secunia.com/advisories/13355 来源: XF 名称: phprojekt-setup-command-execution(18320) 链接:http://xforce.iss.net/xforce/xfdb/18320 来源: BID 名称: 11797 链接:http://www.securityfocus.com/bid/11797 来源: www.phprojekt.com 链接:http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=189&mode=thread&order=0 来源: OSVDB 名称: 12174 链接:http://www.osvdb.org/12174 来源: SUSE 名称: SuSE-SR:2004:004 链接:http://www.novell.com/linux/security/advisories/2004_04_sr.html 来源: GENTOO 名称: GLSA-200412-06 链接:http://www.gentoo.org/security/en/glsa/glsa-200412-06.xml 来源: SECTRACK 名称: 1012369 链接:http://securitytracker.com/id?1012369

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多