MapLab 2.2.1 potential security vulnerability

pagameba
Hello MapLab users ...

We have just received notification via bugtraq of a potential Remote  
File Inclusion Vulnerability in MapLab 2.2.1:

http://www.securityfocus.com/archive/1/464462/30/0/threaded

The problem exists in GMapFactory/params.php and potentially allows a  
malicious user to include a remote file into the php script, which  
can then execute any arbitrary PHP code.

The problem can be mitigated by ensuring that 'register_globals' is  
turned off in your php configuration file (php.ini).

We will also be providing a source code patch to the affected file(s)  
to remove the vulnerability.

Cheers

Paul

+-----------------------------------------------------------------+
|Paul Spencer                          [hidden email]    |
+-----------------------------------------------------------------+
|Chief Technology Officer                                         |
|DM Solutions Group Inc                http://www.dmsolutions.ca/ |
+-----------------------------------------------------------------+




_______________________________________________
Maplab-users mailing list
[hidden email]
http://lists.maptools.org/mailman/listinfo/maplab-users
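
Added example, not part of the original message or of MapLab's code: a shell check for the mitigation described in the message, reporting whether register_globals is effectively on in a php.ini file. It goes one step beyond the message by also reading mod_php overrides (php_flag / php_value) from an Apache file, which it treats as always taking precedence (a simplification); the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: is register_globals effectively on for this PHP setup?
# Assumptions: last uncommented directive wins; a missing directive means
# off (the PHP default since 4.2.0); values on/1/true/yes count as on.

rg_from_ini() {            # $1 = path to a php.ini-style file
    awk -F= '
        BEGIN { state = "off" }
        /^[ \t]*[;#]/ { next }                 # whole-line comment
        NF >= 2 {
            key = $1; v = tolower($2)
            sub(/;.*/, "", v)                  # trailing comment
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r"]/, "", v)
            if (key == "register_globals")
                state = (v == "on" || v == "1" || v == "true" || v == "yes") ? "on" : "off"
        }
        END { print state }' "$1"
}

rg_from_apache() {         # $1 = .htaccess or vhost fragment (mod_php)
    awk '
        BEGIN { state = "unset" }
        /^[ \t]*#/ { next }
        tolower($1) ~ /^php_(admin_)?(flag|value)$/ && $2 == "register_globals" {
            v = tolower($3); gsub(/[\r"]/, "", v)
            state = (v == "on" || v == "1" || v == "true" || v == "yes") ? "on" : "off"
        }
        END { print state }' "$1"
}

rg_effective() {           # $1 = php.ini, $2 = optional Apache override file
    state=$(rg_from_ini "$1")
    if [ -n "${2:-}" ] && [ -f "$2" ]; then
        override=$(rg_from_apache "$2")
        if [ "$override" != "unset" ]; then state=$override; fi
    fi
    echo "$state"
}

# Constructed sample files (not taken from a real MapLab install).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '; register_globals = On' 'register_globals = Off' > "$demo_dir/php.ini"
printf '%s\n' '# legacy app' 'php_flag register_globals on' > "$demo_dir/.htaccess"
echo "php.ini alone:  $(rg_effective "$demo_dir/php.ini")"
echo "with .htaccess: $(rg_effective "$demo_dir/php.ini" "$demo_dir/.htaccess")"
```

The second line of output shows why checking php.ini alone is not enough: a per-directory override can turn the setting back on for the application's directory.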