CVE-2009-3424 Information

Description

Multiple PHP remote file inclusion vulnerabilities in MaxCMS 3.11.20b when register_globals is enabled allow remote attackers to execute arbitrary PHP code via a URL in the (1) is_projectPath parameter to includes/InstantSite/inc.is_root.php; GLOBALS[thCMS_root] parameter to (2) classes/class.Tree.php (3) includes/inc.thcms_admin_mediamanager.php and (4) modul/mod.rssreader.php; is_path parameter to (5) class.tasklist.php (6) class.thcms.php (7) class.thcms_content.php (8) class.thcms_modul_parent.php (9) class.thcms_page.php and (10) class.thcsm_user.php in classes/; and (11) includes/InstantSite/class.Tree.php; and thCMS_root parameter to (12) classes/class.thcms_modul.php; (13) inc.page_edit_tasklist.php (14) inc.thcms_admin_overview_backup.php and (15) inc.thcms_edit_content.php in includes/; and (16) class.thcms_modul_parent_xml.php (17) mod.cmstranslator.php (18) mod.download.php (19) mod.faq.php (20) mod.guestbook.php (21) mod.html.php (22) mod.menu.php (23) mod.news.php (24) mod.newsticker.php (25) mod.rss.php (26) mod.search.php (27) mod.sendtofriend.php (28) mod.sitemap.php (29) mod.tagdoc.php (30) mod.template.php (31) mod.test.php (32) mod.text.php (33) mod.upload.php and (34) mod.users.php in modul/.

Reference

http://secunia.com/advisories/36105 http://www.exploit-db.com/exploits/9322 http://www.vupen.com/english/advisories/2009/2136