Description
Multiple vulnerabilities have been identified in phpFFL that could be exploited by remote attackers to execute arbitrary commands. They are caused by input validation errors in the "program_files/livedraft/livedraft.php" and "program_files/livedraft/admin.php" scripts when processing the "PHPFFL_FILE_ROOT" parameter, which allow remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.
Vulnerable Products
Vulnerable Software: phpFFL version 1.24 and prior
Solution
Upgrade to phpFFL version 1.26:
http://sourceforge.net/projects/phpffl/
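A log check for the requests this advisory describes, added here as an example and not part of the original advisory or the phpFFL project: it flags access-log entries for the two livedraft scripts that set PHPFFL_FILE_ROOT. It assumes Common/Combined Log Format and that the parameter arrives in the URL query string; the log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Scripts and parameter named in the advisory.
SCRIPTS = ("program_files/livedraft/livedraft.php",
           "program_files/livedraft/admin.php")
PARAM = "PHPFFL_FILE_ROOT"

# Common/Combined Log Format: client, ..., "METHOD target PROTO" status
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# A value starting with a URL scheme, "//" or a UNC prefix points off the server.
REMOTE_RE = re.compile(r'^(?:[a-z][a-z0-9+.\-]+:|//|\\\\)', re.I)

# Constructed sample input (documentation addresses and a placeholder host).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2007:10:00:00 +0000] "GET /phpffl/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Oct/2007:10:00:05 +0000] "GET /phpffl/program_files/livedraft/'
    'livedraft.php?PHPFFL_FILE_ROOT=http%3A%2F%2Fhost.example%2F HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Oct/2007:10:00:09 +0000] "GET /phpffl/program_files/livedraft/'
    'admin.php?PHPFFL_FILE_ROOT=../../ HTTP/1.1" 200 98',
    '192.0.2.10 - - [01/Oct/2007:10:01:00 +0000] "GET /phpffl/program_files/livedraft/'
    'livedraft.php HTTP/1.1" 200 2048',
]

def classify(line):
    """Return None, or a dict describing a request that sets PHPFFL_FILE_ROOT."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not unquote(url.path).lower().endswith(SCRIPTS):
        return None
    # parse_qsl percent-decodes keys and values for us.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key.split("[")[0] == PARAM:
            remote = REMOTE_RE.match(value.strip())
            return {"ip": m["ip"], "script": url.path, "value": value,
                    "status": int(m["status"]),
                    "severity": "remote-include" if remote else "param-override"}
    return None

def scan(lines):
    """Collect every flagged request from an iterable of log lines."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["severity"], hit["ip"], hit["script"], repr(hit["value"]), hit["status"])
```

Parameters sent in a POST body do not appear in access logs, so an empty result does not rule out an attempt.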
CVE
CVE-2007-4935
CVE-2007-4934
References
http://sourceforge.net/forum/forum.php?forum_id=735906
Vulnerability Manager Detection
No
IPS Protection