发布时间 :2003-12-31 00:00:00
修订时间 :2008-09-05 16:36:51

[原文]PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter.

[CNNVD]Cedric Email Reader skin配置脚本远程文件包含漏洞(CNNVD-200312-409)

        Cedric Email Reader是一款由PHP编写的基于WEB的邮件客户端。
        Cedric Email Reader 0.2和0.3版本包含的email.php3脚本对用户提交的输入缺少正确检查,远程攻击者可以利用这个漏洞包含恶意PHP文件,以WEB进程权限执行PHP文件中的任意命令。

- CVSS (基础分值)

CVSS分值: 6.8 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-94 [对生成代码的控制不恰当(代码注入)]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  XF  cedric-email-file-include(11278)
(UNKNOWN)  BID  6818
(UNKNOWN)  BUGTRAQ  20030209 Cedric Email Reader (PHP)

- 漏洞信息

Cedric Email Reader skin配置脚本远程文件包含漏洞
中危 配置错误
2003-12-31 00:00:00 2012-12-07 00:00:00
        Cedric Email Reader是一款由PHP编写的基于WEB的邮件客户端。
        Cedric Email Reader 0.2和0.3版本包含的email.php3脚本对用户提交的输入缺少正确检查,远程攻击者可以利用这个漏洞包含恶意PHP文件,以WEB进程权限执行PHP文件中的任意命令。

- 公告与补丁

        * 编辑php.ini文件,设置'allow_url_fopen'和'register_globals'选项为'off'。

- 漏洞信息 (22241)

Cedric Email Reader 0.2/0.3 Skin Configuration Script Remote File Include Vulnerability (EDBID:22241)
php webapps
2003-02-09 Verified
0 MGhz
N/A [点击下载]

It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is present in the 'email.php' script.

Under some circumstances, it is possible for remote attackers to influence the include path for a configuration file to point to an external file on a remote server.

If the remote file is a malicious PHP script, this may be exploited to execute arbitrary system commands in the context of the web server.

It has also been reported that it is possible to cause local files to be included, resulting in disclosure of webserver readable files to the attacker. This has not been confirmed. 


- 漏洞信息

Cedric Email Reader email.php cer_skin Parameter Remote File Inclusion
Remote / Network Access Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Public

- 漏洞描述

Cedric Mail Reader contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cer_skin' variable upon submission to the 'email.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- 时间线

2003-02-09 2003-02-09
2003-02-09 Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者