漏洞信息详情
PHProjekt未明认证绕过漏洞
- CNNVD编号:CNNVD-200412-196
- 危害等级: 高危
- CVE编号: CVE-2004-2739
- 漏洞类型: 权限许可和访问控制
- 发布时间: 2004-12-31
- 威胁类型: 远程
- 更新时间: 2007-10-10
- 厂 商: phprojekt
- 漏洞来源: Discovery of this ...
漏洞简介
PHProjekt 4.2.1版本及之前版本中的设置程序(setup.php)存在漏洞。远程攻击者可以借助未知的攻击向量来修改系统配置。
漏洞公告
An updated 'setup.php' file is available to resolve this issue. The vendor advises that this file should be unpacked and should be used to replace the 'setup.php' file in the root directory of the installation: http://phprojekt.com/files/4.2/setup.zip Gentoo Linux has released an advisory (GLSA 200412-06) and an updated eBuild to address this vulnerability. As a superuser, Gentoo users are advised to execute the following commands in order to apply these updates: emerge --sync emerge --ask --oneshot --verbose ">=www-apps/phprojekt-4.2-r1" SuSE Linux has released a summary report dealing with this issue. Please see the referenced advisory and contact the vendor for information on obtaining the updated packages.
参考网址
来源: SECUNIA 名称: 13355 链接:http://secunia.com/advisories/13355 来源: XF 名称: phprojekt-setup-command-execution(18320) 链接:http://xforce.iss.net/xforce/xfdb/18320 来源: BID 名称: 11797 链接:http://www.securityfocus.com/bid/11797 来源: www.phprojekt.com 链接:http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=189&mode=thread&order=0 来源: OSVDB 名称: 12174 链接:http://www.osvdb.org/12174 来源: SUSE 名称: SuSE-SR:2004:004 链接:http://www.novell.com/linux/security/advisories/2004_04_sr.HTML 来源: GENTOO 名称: GLSA-200412-06 链接:http://www.gentoo.org/security/en/glsa/glsa-200412-06.xml 来源: SECTRACK 名称: 1012369 链接:http://securitytracker.com/id?1012369
受影响实体
- Phprojekt Phprojekt:3.2
- Phprojekt Phprojekt:3.1
- Phprojekt Phprojekt:3.1a
- Phprojekt Phprojekt:3.0
- Phprojekt Phprojekt:2.4
补丁
暂无
评论