[maplab-users] MapLab 2.2.1 potential security vulnerability
Paul Spencer
pspencer at dmsolutions.ca
Mon Apr 2 13:45:15 EDT 2007
Hello MapLab users ...
We have just received notification via bugtraq of a potential Remote
File Inclusion Vulnerability in MapLab 2.2.1:
http://www.securityfocus.com/archive/1/464462/30/0/threaded
The problem exists in GMapFactory/params.php and potentially allows a
malicious user to include a remote file into the php script, which
can then execute any arbitrary PHP code.
The problem can be mitigated by ensuring that 'register_globals' is
turned off in your php configuration file (php.ini).
We will also be providing a source code patch to the affected file(s)
to remove the vulnerability.
Cheers
Paul
+-----------------------------------------------------------------+
|Paul Spencer pspencer at dmsolutions.ca |
+-----------------------------------------------------------------+
|Chief Technology Officer |
|DM Solutions Group Inc http://www.dmsolutions.ca/ |
+-----------------------------------------------------------------+
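Added example (not part of the original message or MapLab's code): a shell check for the mitigation described above. It reports the effective register_globals value in a php.ini file and lists .htaccess files that switch it back on per directory under Apache mod_php; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Audit the register_globals mitigation. Added example; all names here are illustrative.

# Effective register_globals value in a php.ini-style file: prints on, off or unset.
# "unset" means no directive was found, so the PHP build's own default applies.
rg_ini_state() {
    awk -F= '
        /^[ \t]*[;#]/ { next }                    # skip comment lines
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (key != "register_globals") next   # directive names are case sensitive
            val = $2; sub(/;.*/, "", val)         # drop a trailing comment
            gsub(/[ \t\r"]/, "", val); val = tolower(val)
            # on/1/true/yes enable the setting; the last assignment in the file wins
            state = (val == "on" || val == "1" || val == "true" || val == "yes") ? "on" : "off"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# register_globals can also be set per directory under Apache mod_php
# (php_flag / php_value in .htaccess), overriding php.ini for that tree.
# Prints every .htaccess below $1 that switches it on.
rg_htaccess_overrides() {
    find "$1" -type f -name .htaccess -exec grep -liE \
        '^[[:space:]]*php_(flag|value)[[:space:]]+register_globals[[:space:]]+"?(on|1|true|yes)' {} + || :
}

# Constructed sample (not from MapLab): php.ini says Off, one .htaccess re-enables it.
rg_demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[PHP]' '; register_globals = On' 'register_globals = Off ; hardened' > "$d/php.ini"
    mkdir -p "$d/www/app"
    printf '%s\n' 'php_flag register_globals On' > "$d/www/app/.htaccess"
    echo "php.ini: $(rg_ini_state "$d/php.ini")"
    echo "overrides: $(rg_htaccess_overrides "$d/www" | sed "s|^$d/||")"
    rm -rf "$d"
}

# With two arguments, audit real paths: sh audit.sh /path/to/php.ini /path/to/docroot
if [ "$#" -ge 2 ]; then
    echo "php.ini: $(rg_ini_state "$1")"; rg_htaccess_overrides "$2"
else
    rg_demo
fi
```

A php.ini result of "off" is only sufficient when the override list is empty for the web root that serves the affected script.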