[VIM] shared code involving pcltar.lib.php/g_pcltar_lib_dir RFI
George A. Theall
theall at tenablesecurity.com
Tue May 15 00:37:17 UTC 2007

On 05/14/07 18:13, Steven M. Christey wrote:
> Various disclosures for separate products have involved RFI in a file
> named "pcltar.lib.php" (or pcltar.php) using $g_pcltar_lib_dir. CVE
> analysis has shown that this stems from the Tar module 1.3 for Vincent
> Blavet PhpConcept Library, called PclTar. The current version (dated
> 2003), 1.3.1, also has the problem.

Also affected is ZPanel (2.0 as well as 2.5 beta 11, both of which are
current). The affected file is in the subdirectory 'filemanager/includes'.
I also found it used by Mambo (I looked at 4.5.1 - 4.6.1), Joomla (1.0.0
and up), and e107 (0.7.2 - 0.7.5), but modified in such a way as to
prevent calling the affected file directly. The only exception was the
previously-mentioned Joomla 1.5 beta.
George
--
theall at tenablesecurity.com
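
An added example, not part of the original messages: a small Python audit script that finds bundled copies of PclTar in a web tree and reports whether each one has a direct-access guard ahead of the first include that uses `$g_pcltar_lib_dir`. The guard pattern (`defined('CONST') or die/exit`), the constant `_EXAMPLE_APP`, the `cms/includes` path, `helper.lib.php` and the sample file contents are assumptions constructed for the demonstration; only the file names, the variable name and the `filemanager/includes` subdirectory come from the thread.

```python
import re
import tempfile
from pathlib import Path

TARGET_NAMES = {"pcltar.lib.php", "pcltar.php"}  # file names from the thread
# include/require whose path expression uses $g_pcltar_lib_dir
INCLUDE_RE = re.compile(r"\b(?:include|require)(?:_once)?\b[^;]*\$g_pcltar_lib_dir", re.I)
# Assumed guard shape: defined('CONST') or die(...) / exit(...)
GUARD_RE = re.compile(r"\bdefined\s*\(\s*['\"]\w+['\"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b", re.I)

def classify(source):
    """Return 'clean', 'guarded' or 'exposed' for one PHP source text."""
    inc = INCLUDE_RE.search(source)
    if inc is None:
        return "clean"
    guard = GUARD_RE.search(source)
    # The guard only helps if it runs before the first include that uses the variable.
    if guard is not None and guard.start() < inc.start():
        return "guarded"
    return "exposed"

def scan(root):
    """Map each PclTar copy under root (relative path) to its classification."""
    results = {}
    for path in sorted(Path(root).rglob("*.php")):
        if path.name.lower() in TARGET_NAMES:
            text = path.read_text(encoding="latin-1")
            results[path.relative_to(root).as_posix()] = classify(text)
    return results

def build_sample_tree(root):
    """Write two constructed sample files: one unguarded copy, one guarded copy."""
    include = 'include($g_pcltar_lib_dir . "/helper.lib.php");\n'  # constructed line
    guard = "defined('_EXAMPLE_APP') or die('Restricted access');\n"  # assumed guard
    samples = {
        "filemanager/includes/pcltar.lib.php": "<?php\n" + include,
        "cms/includes/pcltar.php": "<?php\n" + guard + include,
    }
    for rel, body in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="latin-1")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, verdict in scan(tmp).items():
            print(f"{verdict:8} {rel}")
```

A copy reported as `exposed` still needs manual review, since the match is textual and does not account for server settings or for guards written in another form.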