Yrch! "path" Parameter Handling Remote PHP File Inclusion ...

Posted by dcparris on Dec 29, 2006 8:22 PM EDT
FrSIRT		Mail this story
Print this story

A vulnerability has been identified in Yrch!, which could be exploited by attackers to execute arbitrary commands. This issue is due to an input validation error in the "yrch/plugins/metasearch/plug.inc.php" script that does not validate the "path" parameter, which could be exploited by remote attackers to include malicious PHP scripts and execute arbitrary commands with the privileges of the web server.

Full Story

  Nav
» Read more about: Story Type: Security; Groups: PHP

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.