eAccelerator encoder files backup Vulnerability

2009-07-02 / 2009-07-03
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-94


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

1. Description

eAccelerator is a free open-source PHP accelerator, optimizer, and dynamic content cache. It increases the performance of PHP scripts by caching them in their compiled state, so that the overhead of compiling is almost completely eliminated. It also optimizes scripts to speed up their execution. eAccelerator typically reduces server load and increases the speed of your PHP code by 1-10 times.

2. The Vulnerability

eAccelerator has a function in encoder.php that encodes PHP source. You can back up all system files to a specified directory, or back up specified files. Of course you can upload an image to the web server and back it up to the web directory so you can ...........

3. Disclosure Timeline

2009/06/29 Vendor contact.
2009/06/30 Public Disclosure.

4. Thanks

Thanks to all friends of the Whitehat Community && Great Milw0rm!

2009/06/30 by cnbird

Sorry for my bad English!

References:

http://www.securityfocus.com/archive/1/archive/1/504695/100/0/threaded



Copyright 2024, cxsecurity.com

 
