Info

Disclosure

Jun 19, 2006

Discovery

Unknown

Dates

Exploit

Jun 19, 2006

Solution

Unknown

Description

Eduha Meeting File contains a flaw that may allow a malicious user to execute arbitrary PHP code. The issue is triggered when the user uploads a file, the script does not correctly restrict the extension of files that can be uploaded. It is possible that the flaw may allow remote code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
OSVDB: Web Related

Solution

Upgrade to latest version, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Eduha

Eduha Meeting File

Unknown or Unspecified

References

Bugtraq ID: 18499
CVE ID: 2006-3158 (see also: NVD)
Secunia Advisory ID: 20731
ISS X-Force ID: 27296
VUPEN Advisory: ADV-2006-2428
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0450.html
Vendor URL: http://eduha.forever.kz/
Other Advisory URL: http://www.biyosecurity.be/bugs/meeting.txt

Credit

Liz0ziM -

Direct URL: http://osvdb.org/26627