PHP remote file inclusion vulnerability in session.inc.php in ISPConfig 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the go_info[server][classes_root] parameter. NOTE: the vendor has disputed this vulnerability, saying that session.inc.php is not under the web root in version 2.2, and register_globals is not enabled
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
| Link | Tags |
|---|---|
| http://www.securityfocus.com/bid/17909 | vdb entry exploit |
| http://www.osvdb.org/25355 | vdb entry |
| http://www.vupen.com/english/advisories/2006/1727 | vdb entry vendor advisory |
| https://www.exploit-db.com/exploits/1762 | exploit |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26299 | vdb entry |
| http://www.howtoforge.com/forums/showthread.php?t=4123 | |
| http://secunia.com/advisories/19994 | third party advisory vendor advisory |
| http://www.xorcrew.net/xpa/XPA-ISPConfig.txt | exploit vendor advisory |
| http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045855.html | mailing list |
| http://www.securityfocus.com/archive/1/437456/100/200/threaded | mailing list |