W-Agora EditForm.PHP PHP Include Vulnerability

W-Agora is a freely available, open source PHP forum software package. It is available for Unix and Linux systems.

A problem with W-Agora may make possible the execution of arbitrary commands.

It has been reported that W-Agora has a vulnerability in the handling of PHP includes. By placing a file on a local system, a user could cause the execution of commands in the file to be carried out in the context of the web server process. This would require an administrator clicking a link after having logged into to access the editform.php page.


 

Privacy Statement
Copyright 2010, SecurityFocus