VULHUB ™

A flaw exists in the 'auth.php' script which may allow attackers to cause local web server readable files to be disclosed or interpreted. This is due to insufficient sanitization of the null character (%00) from CGI parameters. It has been demonstrated that in some circumstances it is possible to exploit this issue to execute arbitrary PHP code with the privileges of the webserver process.

A flaw exists in the 'auth.php' script which may allow attackers to cause local web server readable files to be disclosed or interpreted. This is due to insufficient sanitization of the null character (%00) from CGI parameters. It has been demonstrated that in some circumstances it is possible to exploit this issue to execute arbitrary PHP code with the privileges of the webserver process.