RETIRED: Campsite Multiple Remote Input Validation Vulnerabilities

RETIRED: Campsite Multiple Remote Input Validation Vulnerabilities

Campsite is prone to multiple vulnerabilities, including cross-site scripting as well as local and remote file-include issues.

A remote attacker can exploit these issues to obtain cookie-based authentication credentials or other sensitive information or to execute malicious PHP code in an unsuspecting user's browser in the context of the affected site or of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

NOTE: This BID is being retired. The issues described require the 'register_globals' PHP directive to be enabled, but the application's documentation instructs users to disable this directive.

Campsite 3.3.0 RC1 is vulnerable; other versions may also be affected.