CVE-2007-5014 in pSlash

Summary

by MITRE

Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allow remote attackers to execute arbitrary PHP code via a URL in (1) the lvc_admin_dir parameter to modules/visitors2/admin/view-archiver.inc.php or (2) the lvc_include_dir parameter to modules/visitors2/include/menus.inc.php. NOTE: the modules/visitors2/include/config.inc.php vector is already covered by CVE-2006-4373. NOTE: vector 1 is disputed by CVE because PHP encounters a fatal instantiation error on a direct request for the file, before reaching the include statement.


Analysis

by VulDB Data Team • 08/13/2017

The vulnerability described in CVE-2007-5014 represents a critical remote code execution flaw affecting the pSlash content management system version 0.70. This issue stems from improper input validation and unsafe file inclusion practices within the application's visitor management modules. The vulnerability exists in two distinct locations within the codebase, specifically targeting the lvc_admin_dir parameter in view-archiver.inc.php and the lvc_include_dir parameter in menus.inc.php. These parameters are used to dynamically include PHP files, creating an opportunity for attackers to inject malicious code through manipulated URL parameters.

The technical exploitation of this vulnerability occurs through a classic remote file inclusion attack pattern where malicious actors manipulate the target parameters to include arbitrary PHP files from remote servers. When the application processes these parameters without proper sanitization, it blindly includes the specified files, allowing attackers to execute arbitrary PHP code on the target server. The vulnerability is particularly dangerous because it enables full system compromise, potentially allowing attackers to gain administrative access, steal sensitive data, or deploy additional malware. The flaw demonstrates poor input validation practices and highlights the importance of implementing secure coding methodologies that prevent dynamic file inclusion from being controlled by external input.

From an operational perspective, this vulnerability creates significant risk for organizations using pSlash 0.70, as it provides attackers with a straightforward path to system compromise. The attack requires minimal skill and can be automated, making it attractive to both skilled and amateur threat actors. The fact that one of the vectors is disputed due to a fatal instantiation error indicates that the vulnerability may have been partially mitigated or requires specific conditions to be exploited successfully. However, the remaining exploitable vector in the menus.inc.php file still poses a serious threat to system security. Organizations using vulnerable versions of pSlash face potential data breaches, service disruption, and compliance violations that could result in substantial financial and reputational damage.

Security mitigations for this vulnerability should focus on immediate patching of the pSlash application to version 0.71 or later, which contains the necessary fixes for these remote file inclusion issues. Additionally, administrators should implement input validation measures that sanitize all user-supplied parameters before they are processed by the application. The allow_url_include and allow_url_fopen directives in php.ini should be disabled to prevent PHP from including files from remote locations. Network-level protections such as web application firewalls can help detect and block malicious requests attempting to exploit these parameters. This vulnerability aligns with CWE-88, which describes improper neutralization of special elements in input that could lead to command injection, and corresponds to ATT&CK technique T1190, which covers exploitation of remote services through web application vulnerabilities. Organizations should also conduct thorough security assessments of their web applications to identify insecure file inclusion patterns that could lead to similar vulnerabilities in other systems.
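As an added example (not code from VulDB or from pSlash), the audit below covers two of the checks named above: it flags include/require statements whose path is built from a variable, and reports which URL-wrapper directives a php.ini leaves enabled. The function names and the sample PHP and ini text are constructed for illustration; a flagged line is a candidate for manual review, not proof that the variable is request-controlled.

```python
import re

# include/require/include_once/require_once followed by its path expression
INCLUDE_RE = re.compile(
    r'(?<![\w$>])(?:include|require)(?:_once)?\b\s*\(?([^;]*);', re.IGNORECASE)
PHP_VAR_RE = re.compile(r'\$\w+')
# PHP's built-in defaults when php.ini does not set the directive
URL_DEFAULTS = {"allow_url_fopen": True, "allow_url_include": False}
TRUE_VALUES = {"1", "on", "true", "yes"}

def find_dynamic_includes(php_source):
    """Return [(line_no, [variables])] for includes whose path uses a variable."""
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # whole-line comments only; statements must fit on one line
        for match in INCLUDE_RE.finditer(line):
            variables = PHP_VAR_RE.findall(match.group(1))
            if variables:  # a constant path cannot be steered by a request
                findings.append((line_no, variables))
    return findings

def enabled_url_wrappers(ini_text):
    """Return the URL-wrapper directives left enabled by this php.ini text."""
    state = dict(URL_DEFAULTS)
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ini comments
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in state:
            state[key] = value.strip('"\'').lower() in TRUE_VALUES
    return sorted(name for name, on in state.items() if on)

# Constructed sample input, not taken from pSlash
SAMPLE_PHP = '''<?php
// menu loader
include($lvc_include_dir . "menu_top.inc.php");
require_once "lib/static.inc.php";
include_once(dirname(__FILE__) . "/config.inc.php");
require $_GET["page"] . ".php";
'''
SAMPLE_INI = "; constructed sample\nallow_url_fopen = On\nallow_url_include = Off\n"

if __name__ == "__main__":
    for line_no, variables in find_dynamic_includes(SAMPLE_PHP):
        print(f"line {line_no}: include path built from {', '.join(variables)}")
    print("enabled URL wrappers:", enabled_url_wrappers(SAMPLE_INI))
```

An empty php.ini still reports allow_url_fopen, because that directive is on by default and has to be switched off explicitly.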

Reservation

09/20/2007

Disclosure

09/20/2007

Moderation

accepted

Entry

VDB-38885

CPE

ready

EPSS

0.01482

KEV

no

Activities

very low
