FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpSysInfo -- "register_globals" emulation layer overwrite vulnerability

Affected packages
phpSysInfo < 2.5.1

Details

VuXML ID 9c1cea79-548a-11da-b53f-0004614cc33d
Discovery 2005-11-10
Entry 2005-11-13
Modified 2005-12-25

A Secunia Advisory reports:

Christopher Kunz has reported a vulnerability in phpSysInfo, which can be exploited by malicious people to manipulate certain information.

The vulnerability is caused due to an error in the "register_globals" emulation layer where certain arrays used by the system can be overwritten. This can be exploited to execute arbitrary HTML and script code in a user's browser session and include arbitrary files from local resources.

[source]

References

URL http://secunia.com/advisories/17441/
URL http://www.hardened-php.net/advisory_222005.81.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.