漏洞信息详情
SiteBar 翻译模块'translator.php' 静态代码注入漏洞
- CNNVD编号:CNNVD-200710-345
- 危害等级: 中危
- CVE编号: CVE-2007-5492
- 漏洞类型: 代码注入
- 发布时间: 2007-10-17
- 威胁类型: 远程
- 更新时间: 2007-10-18
- 厂 商: sitebar
- 漏洞来源: Robert Buchholz of...
漏洞简介
SiteBar 3.3.8版本的翻译模块(translator.php)中存在静态代码注入漏洞。远程验证用户可以借助value参数,执行任意PHP代码。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Debian Linux 4.0 amd64
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 ia-32
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 arm
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 hppa
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 sparc
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 s/390
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 powerpc
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 alpha
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 m68k
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 mipsel
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 ia-64
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 mips
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 3.1 ppc
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 ia-64
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 arm
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 mips
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 ia-32
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 alpha
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 m68k
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 mipsel
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 s/390
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 amd64
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 hppa
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 sparc
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
SiteBar SiteBar 3.2.6
SiteBar SiteBar-3.3.9.tar.bz2
http://downloads.sourceforge.net/sitebar/SiteBar-3.3.9.tar.bz2?modtime
=1192322139&big_mirror=0
SiteBar SiteBar 3.3.2
SiteBar SiteBar-3.3.9.tar.bz2
http://downloads.sourceforge.net/sitebar/SiteBar-3.3.9.tar.bz2?modtime
=1192322139&big_mirror=0
SiteBar SiteBar 3.3.3
SiteBar SiteBar-3.3.9.tar.bz2
http://downloads.sourceforge.net/sitebar/SiteBar-3.3.9.tar.bz2?modtime
=1192322139&big
参考网址
来源: bugs.gentoo.org
链接:https://bugs.gentoo.org/show_bug.cgi?id=195810
来源: bugs.gentoo.org
链接:https://bugs.gentoo.org/attachment.cgi?id=133465&action=view
来源: OSVDB
名称: 43760
链接:http://osvdb.org/43760
来源: BID
名称: 26126
链接:http://www.securityfocus.com/bid/26126
来源: BUGTRAQ
名称: 20071018 Serious holes affecting SiteBar 3.3.8
链接:http://www.securityfocus.com/archive/1/archive/1/482499/100/0/threaded
来源: GENTOO
名称: GLSA-200711-05
链接:http://www.gentoo.org/security/en/glsa/glsa-200711-05.xml
来源: VUPEN
名称: ADV-2007-3768
链接:http://www.frsirt.com/english/advisories/2007/3768
来源: DEBIAN
名称: DSA-1423
链接:http://www.debian.org/security/2007/dsa-1423
来源: teamforge.net
链接:http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup
来源: SECUNIA
名称: 28008
链接:http://secunia.com/advisories/28008
来源: SECUNIA
名称: 27503
链接:http://secunia.com/advisories/27503
受影响实体
- Sitebar Sitebar:3.3.8
补丁
暂无
评论