mini-Pub 'sFileName' Parameter Multiple Input Validation Vulnerabilities

mini-Pub is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input.

These issues include:

- a local file-include vulnerability
- a remote file-include vulnerability
- an arbitrary-command-execution vulnerability

Exploiting these issues can allow attackers to access potentially sensitive information, to execute arbitrary script code in the context of the webserver process, to steal cookie-based authentication credentials, or to compromise the application and the underlying computer.

mini-Pub 0.3 is vulnerable; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus