phpSecurePages is a PHP-based web authentication system that allows administrators to 'secure' pages without using mechanisms such as HTTP authentication. This set of scripts contains a vulnerability that may allow remote users to execute commands on the vulnerable webserver. phpSecurePages fails to ensure that a variable internal to the scripts, READ_CONFIG, is not supplied by a remote user. As a result, remote users may be able to manipulate the interpretation of the script using this variable, possibly injecting PHP code that will be executed. Exploitation of this vulnerability may yield interactive local access to the target host for the attacker.
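A defender can look for requests that supply the internal variable from outside. The following is an added example, not code from phpSecurePages or from the original advisory: it scans web server access logs in the common/combined format for requests whose query string carries `READ_CONFIG`. The log lines, addresses and script paths are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Internal variable named in the advisory. PHP variable names are case-sensitive,
# but matching case-insensitively also surfaces probing with other spellings.
PARAM = "read_config"

# Common/combined log format: host ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def param_base(name):
    """Strip PHP array syntax so READ_CONFIG[] or READ_CONFIG[x] still matches."""
    return name.split("[", 1)[0].strip().lower()

def find_read_config_requests(lines):
    """Return (client, time, method, path, status) for each request whose
    query string supplies the READ_CONFIG variable."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, when, method, target, status = m.groups()
        parts = urlsplit(target)
        # parse_qsl percent-decodes names, so encoded spellings are caught too.
        for name, _value in parse_qsl(parts.query, keep_blank_values=True):
            if param_base(name) == PARAM:
                hits.append((client, when, method, parts.path, int(status)))
                break
    return hits

# Constructed sample log lines (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:10:01:22 +0000] "GET /secure/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Mar/2024:10:02:03 +0000] "GET /secure/index.php?READ_CONFIG=1 HTTP/1.1" 200 734',
    '198.51.100.7 - - [12/Mar/2024:10:02:09 +0000] "GET /secure/index.php?lang=en&%52EAD_CONFIG%5B%5D=1 HTTP/1.1" 200 734',
    '203.0.113.5 - - [12/Mar/2024:10:05:40 +0000] "GET /search.php?q=READ_CONFIG HTTP/1.1" 200 2210',
    '192.0.2.44 - - [12/Mar/2024:10:07:15 +0000] "POST /secure/login.php?read_config=1 HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    for hit in find_read_config_requests(SAMPLE_LOG):
        print(hit)
```

Access logs in this format record only the query string, so a value sent in a request body or cookie will not appear in these results.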