CVE-2006-0713

Linpha - Path Traversal


Description

Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal.

Exploits (4)

exploitdb WRITEUP VERIFIED
by rgod · text · webapps · php
https://www.exploit-db.com/exploits/27194
exploitdb WRITEUP VERIFIED
by rgod · text · webapps · php
https://www.exploit-db.com/exploits/27192
exploitdb WRITEUP VERIFIED
by rgod · text · webapps · php
https://www.exploit-db.com/exploits/27193
exploitdb WORKING POC VERIFIED
by rgod · text · webapps · php
https://www.exploit-db.com/exploits/27195

References (7)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/424729/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18808
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24663
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16592
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/426
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0535

Scores

EPSS 0.2419
EPSS Percentile 96.1%

Details

Status published
Products (6)
linpha/linpha 0.9.0
linpha/linpha 0.9.1
linpha/linpha 0.9.2
linpha/linpha 0.9.3
linpha/linpha 0.9.4
linpha/linpha 1.0
Published Feb 15, 2006
Tracked Since Feb 18, 2026