CJ Tag Board Multiple Parameter Handling PHP Code Injection Vulnerabilities

 

Release Date: 29/08/2006
Severity: Highly Critical
SecWatch Advisory: SWID1015231
Cause: Input validation error
Solution Status: Unknown
Impact: Disclosure of system information; Execution of arbitrary code
Exploit Status: None Available
Access Vector: From remote
 
Affected Software: CJ Tag Board 3.x
 
Original Advisory: http://secunia.com/secunia_research/2006-61/
References: FrSIRT/ADV-2006-3406
Secunia: SA21561

 

Description:

Multiple input validation vulnerabilities in CJ Tag Board have been reported, which can be exploited by remote users to compromise a vulnerable system.

1) User-supplied input passed to the "User-Agent" HTTP header in tag.php is not properly sanitised before being stored. This can be exploited to inject arbitrary PHP code, which is executed when requesting the all.php file.

2) User-supplied input passed to the "banned" parameter in admin_index.php is not properly sanitised before being stored. This can be exploited to inject arbitrary PHP code, but requires administrative user privileges.

 

Affected:

CJ Tag Board version 3.0. Other versions may also be affected.

 

Solution:

There was no vendor-supplied solution at the time of entry.

Edit source code manually to ensure user-supplied input is correctly sanitised.

Filter malicious characters and character sequences via an HTTP proxy or firewall with URL filtering capabilities.
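
As an added example (not part of the advisory or of CJ Tag Board), the check below looks for PHP opening tags in the two inputs named in the description, the "User-Agent" header and the "banned" parameter of admin_index.php. It assumes Apache/nginx combined-format access logs and a hypothetical /tagboard/ install path; the log lines are constructed, and a "banned" value sent in a POST body would not appear in such logs.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format is an assumption; the advisory names no web server.
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?:[^"\\]|\\.)*" "(?P<ua>(?:[^"\\]|\\.)*)"$'
)
# "<?" (covers <?php, <?= and short tags) or <script language=php>.
PHP_TAG_RE = re.compile(r'<\?|<script\b[^>]*\bphp', re.I)

# Constructed sample lines; /tagboard/ is a hypothetical install path.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Aug/2006:10:00:01 +0000] "GET /tagboard/tag.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux i686)"',
    '192.0.2.77 - - [29/Aug/2006:10:02:13 +0000] "POST /tagboard/tag.php HTTP/1.1" 200 498 "-" "<?php /* constructed marker */ ?>"',
    '192.0.2.77 - - [29/Aug/2006:10:02:20 +0000] "GET /tagboard/all.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux i686)"',
    '198.51.100.5 - - [29/Aug/2006:11:15:42 +0000] "GET /tagboard/admin_index.php?banned=%3C%3Fphp+%2F%2A+constructed+%2A%2F+%3F%3E HTTP/1.1" 200 730 "-" "Mozilla/5.0"',
]

def scan_line(line):
    """Return (field, script) findings for one access-log line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return [("unparsed", "")]  # never skip malformed entries silently
    url = urlsplit(m["target"])
    script = url.path.rsplit("/", 1)[-1].lower()
    findings = []
    # Issue 1: header value stored by tag.php, executed via all.php.
    if PHP_TAG_RE.search(m["ua"]):
        findings.append(("User-Agent", script))
    # Issue 2: "banned" parameter; only visible here when sent in the URL.
    if script == "admin_index.php":
        values = parse_qs(url.query).get("banned", [])  # percent-decoded
        if any(PHP_TAG_RE.search(v) for v in values):
            findings.append(("banned", script))
    return findings

def scan(lines):
    """Map 1-based line number to findings, for lines that have any."""
    return {n: f for n, line in enumerate(lines, 1) if (f := scan_line(line))}

if __name__ == "__main__":
    for n, found in scan(SAMPLE_LOG).items():
        print(n, found)
```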

 

Credits:

Secunia Research

 
