CVE-2005-3519 Information

Description

Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php (3) the INCLUDE_PATH parameter in init_mysource.php and the PEAR_PATH parameter in (4) Socket.php (5) Request.php (6) Mail.php (7) Date.php (8) Span.php (9) mimeDecode.php and (10) mime.php.

Reference

http://marc.info/?l=bugtraq&m=112966933202769&w=2 http://secunia.com/advisories/16946/ http://securityreason.com/securityalert/92 http://securitytracker.com/id?1015075 http://www.osvdb.org/20035 http://www.osvdb.org/20036 http://www.osvdb.org/20037 http://www.osvdb.org/20038 http://www.osvdb.org/20039 http://www.osvdb.org/20040 http://www.osvdb.org/20041 http://www.osvdb.org/20042 http://www.osvdb.org/20043 http://www.securityfocus.com/bid/15133/discuss http://www.vupen.com/english/advisories/2005/2132 https://exchange.xforce.ibmcloud.com/vulnerabilities/22772