Package: acidbase
Severity: critical
Tags: security
Justification: root security hole
The ImportHTTPVar() function (defined in acid_state_common.inc and
include/base_state_common.inc) is defined as:
function ImportHTTPVar($var_name, $valid_data = "", $exception = "")
and calls CleanVariable($tmp, $valid_data, $exception), which should be used
to clean up of invalid characters. However, that one is defined as:
function CleanVariable($item, $valid_data, $exception = "")
{
return $item;
(...)
}
So SQL injection (as well as XSS) are possible since:
- calls to extract information from the HTTP request does not use
ImportHTTPVar() with $valid_data set.
- CleanVariable() does not check against $valid_data
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
