FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpSysInfo -- "register_globals" emulation layer overwrite vulnerability

Affected packages
phpSysInfo < 2.5.1

Details

VuXML ID 9c1cea79-548a-11da-b53f-0004614cc33d
Discovery 2005-11-10
Entry 2005-11-13
Modified 2005-12-25

A Secunia Advisory reports:

Christopher Kunz has reported a vulnerability in phpSysInfo, which can be exploited by malicious people to manipulate certain information.

The vulnerability is caused due to an error in the "register_globals" emulation layer where certain arrays used by the system can be overwritten. This can be exploited to execute arbitrary HTML and script code in a user's browser session and include arbitrary files from local resources.

References

URL http://secunia.com/advisories/17441/
URL http://www.hardened-php.net/advisory_222005.81.html