A vulnerability classified as critical has been found in Jason Frisvold phpTodo 0.8.0. Affected is some unknown processing of the file index.php. The manipulation with an unknown input leads to a privileges management vulnerability. CWE is classifying the issue as CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

Unspecified vulnerability in phpTodo before 0.8.1 allows remote attackers to have an unknown impact via newlines in regular expressions to (1) index.php, (2) feed.php, (3) prefs.php, and (4) todolist.php; and (5) classTodoItem.php and (6) phpTodoUser.php in libs/. NOTE: some of these details are obtained from third party information.

The weakness was released 05/13/2007 (Website). The advisory is shared for download at phptodo.godshell.com. This vulnerability is traded as CVE-2007-2636 since 05/13/2007. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are known technical details, but no exploit is available. The MITRE ATT&CK project declares the attack technique as T1068.

It is declared as proof-of-concept. By approaching the search of inurl:index.php it is possible to find vulnerable targets with Google Hacking.

Upgrading to version 0.8.1 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at X-Force (34275).

Productinfo

Vendor

• Jason Frisvold

Name

• phpTodo

Version

• 0.8.0

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion