製品・ソフトウェアに関する情報

JVN脆弱性詳細

BasiliX における PHP リモートファイルインクルージョンの脆弱性

Title	BasiliX における PHP リモートファイルインクルージョンの脆弱性
Summary	BasiliX には、PHP リモートファイルインクルージョンの脆弱性が存在します。
Possible impacts	第三者により、(1) /files/ including 配下の以下のスクリプト内の BSX_LIBDIR パラメータ、および (2) files/login.php3 内の BSX_HTXDIR パラメータを介して、任意の PHP コードが実行される可能性があります。 (a) abook.php3 (b) compose-attach.php3 (c) compose-menu.php3 (d) compose-new.php3 (e) compose-send.php3 (f) folder-create.php3 (g) folder-delete.php3 (h) folder-empty.php3 (i) folder-rename.php3 (j) folders.php3 (k) mbox-action.php3 (l) mbox-list.php3 (m) message-delete.php3 (n) message-forward.php3 (o) message-header.php3 (p) message-print.php3 (q) message-read.php3 (r) message-reply.php3 (s) message-replyall.php3 (t) message-search.php3 (u) settings.php3
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Oct. 5, 2006, midnight
Registration Date	June 26, 2012, 3:37 p.m.
Last Update	June 26, 2012, 3:37 p.m.

Affected System

basilix

basilix webmail 1.1.1 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-5167	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5167
National Vulnerability Database (NVD)
2	CVE-2006-5167	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5167

ベンダー情報

No	Name	URL
basilix
1	Top Page	http://sourceforge.net/projects/basilix/

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2006-5167

Summary	Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php3, (h) folder-empty.php3, (i) folder-rename.php3, (j) folders.php3, (k) mbox-action.php3, (l) mbox-list.php3, (m) message-delete.php3, (n) message-forward.php3, (o) message-header.php3, (p) message-print.php3, (q) message-read.php3, (r) message-reply.php3, (s) message-replyall.php3, (t) message-search.php3, or (u) settings.php3; and the (2) BSX_HTXDIR parameter in (v) files/login.php3.
Summary	Successful exploitation requires that "register_globals" is enabled.
Publication Date	Oct. 5, 2006, 1:04 p.m.
Registration Date	Jan. 29, 2021, 3:47 p.m.
Last Update	Oct. 19, 2017, 10:29 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:basilix:basilix_webmail:0.9.7_beta:::::::*
cpe:2.3:a:basilix:basilix_webmail:1.1.0:::::::*
cpe:2.3:a:basilix:basilix_webmail::::::::		1.1.1
cpe:2.3:a:basilix:basilix_webmail:1.02_beta:::::::*
cpe:2.3:a:basilix:basilix_webmail:1.03_beta:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/22231	SECUNIA	Exploit Vendor Advisory
2	http://www.osvdb.org/29403	OSVDB
3	http://www.securityfocus.com/bid/20287	BID	Exploit
4	http://www.vupen.com/english/advisories/2006/3866	VUPEN
5	https://exchange.xforce.ibmcloud.com/vulnerabilities/29289	XF
6	https://www.exploit-db.com/exploits/2465	EXPLOIT-DB

Common Vulnerabilities List