Package: bbclone
Version: 0.4.6-7
Severity: important
Tags: security

Hi,

a vulnerability has been identified in BBClone, which could be exploited by attackers to execute arbitrary commands. This issue is due to an input validation error in the "lib/selectlang.php" script that does not validate the "BBC_LIB_PATH" parameter, which could be exploited by remote attackers to include malicious PHP scripts and execute arbitrary commands with the privileges of the web server.

Affected: BBClone version 0.4.9 and prior.

Reference:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0508
http://www.frsirt.com/english/advisories/2007/0318
http://secunia.com/advisories/23874

Note: Please mention the CVE id in the changelog.

regards,
--
   .''`.
  : :' :    Alex de Oliveira Silva | enerv
  `. `'     www.enerv.net
    `-
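
The class of flaw reported above (a library path taken from request input and used in an include) is usually closed by fixing the path in code and allowlisting what may be included. The following is an added example, not BBClone's code or its upstream patch: only the name BBC_LIB_PATH comes from the report, while the `lang` parameter, the allowlist and `resolve_lang_file()` are hypothetical.

```php
<?php
// Added example, not BBClone's code. Only BBC_LIB_PATH is taken from the
// report; every other name here is hypothetical.
// Defence in depth: keep allow_url_include = Off in php.ini.

// Fix the library path in code. A constant cannot be overwritten by
// request data, unlike a variable that may be populated from the request.
if (!defined('BBC_LIB_PATH')) {
    define('BBC_LIB_PATH', __DIR__ . '/lib/');
}

// Hypothetical allowlist of language files shipped under BBC_LIB_PATH.
const ALLOWED_LANGS = ['en', 'de', 'fr', 'pt'];

/**
 * Return the absolute path of the language file to include, or null when
 * the requested name is not allowlisted or resolves outside the lib dir.
 */
function resolve_lang_file(string $requested, string $libDir = BBC_LIB_PATH): ?string
{
    // Exact-match allowlist: URLs, "../" sequences and stream wrappers
    // can never match one of the short names above.
    if (!in_array($requested, ALLOWED_LANGS, true)) {
        return null;
    }
    $base = realpath($libDir);
    $file = realpath($libDir . '/' . $requested . '.php');
    if ($base === false || $file === false) {
        return null; // directory or language file does not exist
    }
    // Containment check: the resolved file must live under the resolved
    // base directory (guards against symlinks pointing elsewhere).
    if (strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $file;
}

// Request input selects a language name only; it never supplies a path.
$lang = isset($_GET['lang']) && is_string($_GET['lang']) ? $_GET['lang'] : 'en';
$path = resolve_lang_file($lang) ?? resolve_lang_file('en');
if ($path !== null) {
    require $path;
}
```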

