[maplab-users] MapLab 2.2.1 potential security vulnerability

Paul Spencer pspencer at dmsolutions.ca
Mon Apr 2 13:45:15 EDT 2007


Hello MapLab users ...

We have just received notification via bugtraq of a potential Remote  
File Inclusion Vulnerability in MapLab 2.2.1:

http://www.securityfocus.com/archive/1/464462/30/0/threaded

The problem exists in GMapFactory/params.php and potentially allows a  
malicious user to include a remote file into the php script, which  
can then execute any arbitrary PHP code.

The problem can be mitigated by ensuring that 'register_globals' is  
turned off in your php configuration file (php.ini).

We will also be providing a source code patch to the affected file(s)  
to remove the vulnerability.

Cheers

Paul

+-----------------------------------------------------------------+
|Paul Spencer                          pspencer at dmsolutions.ca    |
+-----------------------------------------------------------------+
|Chief Technology Officer                                         |
|DM Solutions Group Inc                http://www.dmsolutions.ca/ |
+-----------------------------------------------------------------+
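
One way to verify the mitigation described in the message above, as an added example that is not part of the original post or of MapLab: it reads the effective register_globals value from a php.ini-style file and lists any .htaccess files under a web root that turn the directive back on. The function names and sample files are constructed for illustration, and the .htaccess check assumes Apache with mod_php and an AllowOverride setting that permits PHP flags.

```shell
#!/bin/sh
# Added example: audit the register_globals mitigation (hypothetical helper names).

# Print "on", "off" or "unset" for register_globals in a php.ini-style file.
# "unset" means the directive is absent and PHP's built-in default applies
# (off since PHP 4.2.0).
register_globals_state() {
    awk '
        BEGIN { state = "unset" }
        {
            line = $0
            sub(/;.*/, "", line)                      # drop ; comments
            if (line !~ /^[ \t]*register_globals[ \t]*=/) next
            sub(/^[^=]*=[ \t]*/, "", line)            # keep only the value
            gsub(/[ \t\r"]/, "", line)                # strip blanks, CR, quotes
            v = tolower(line)
            if (v == "on" || v == "true" || v == "yes") state = "on"
            else if (v ~ /^-?[0-9]+$/ && v + 0 != 0) state = "on"
            else state = "off"                        # later lines override earlier ones
        }
        END { print state }
    ' "$1"
}

# List .htaccess files under a web root that switch the directive back on.
# Where AllowOverride permits it, mod_php applies php_flag/php_value from
# these files even when php.ini says Off.
htaccess_overrides() {
    find "$1" -name .htaccess -type f -exec grep -liE \
        '^[[:space:]]*php_(flag|value)[[:space:]]+register_globals[[:space:]]+(on|1|true|yes)' {} +
}

# Constructed sample input, not taken from any real server.
demo=$(mktemp -d)
printf '%s\n' '; register_globals = On' 'register_globals = On' \
    'register_globals = Off  ; hardened' > "$demo/php.ini"
mkdir -p "$demo/webroot/app"
printf '%s\n' 'php_flag register_globals on' > "$demo/webroot/app/.htaccess"

echo "php.ini: $(register_globals_state "$demo/php.ini")"
echo "overrides:"; htaccess_overrides "$demo/webroot"
rm -rf "$demo"
```

On a live server, point the first function at the php.ini path reported by `php --ini` or phpinfo(), since the file PHP actually loads is not always the one in /etc.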
