A vulnerability classified as critical has been found in Oliver and Webshare up to 1.2.2. This affects the function file_exists of the file loginform-inc.php of the component Login. The manipulation of the argument conf[motdfile] with an unknown input leads to a file inclusion vulnerability. CWE is classifying the issue as CWE-73. The product allows user input to control or influence paths or file names that are used in filesystem operations. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

PHP file inclusion vulnerability in loginform-inc.php in Oliver (formerly Webshare) 1.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the conf[motdfile] parameter, which is accessed by the file_exists function.

The weakness was released 11/21/2006 by Drago84 (Website). The advisory is shared at securityfocus.com. This vulnerability is uniquely identified as CVE-2006-6043 since 11/21/2006. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details are known, but no exploit is available.

It is declared as proof-of-concept. By approaching the search of inurl:loginform-inc.php it is possible to find vulnerable targets with Google Hacking.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at X-Force (30415).

Productinfo

Name

• Oliver
• Webshare

Version

• 1.2.0
• 1.2.1
• 1.2.2

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion