J-Security Center

Title: PHPSecurityAdmin Logout.PHP Remote File Include Vulnerability

Severity: HIGH

Description:

SecurityAdmin is an application that allows administrators to manage user accounts; it is implemented in PHP.

The application is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input to the 'PSA_PATH' parameter of the 'logout.php' script.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
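
A log check for the request pattern described above, as an added example that is not part of the original advisory or of the vendor's attack objects: it flags 'logout.php' requests whose 'PSA_PATH' value, after repeated URL decoding, names a remote resource. The access-log layout, the sample lines, and all function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in the common "combined" access-log layout.
SAMPLE_LOG = '''\
192.0.2.10 - - [27/Feb/2009:10:00:01 +0000] "GET /psa/logout.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [27/Feb/2009:10:00:05 +0000] "GET /psa/logout.php?PSA_PATH=http://host.invalid/inc HTTP/1.1" 200 77 "-" "-"
198.51.100.7 - - [27/Feb/2009:10:00:09 +0000] "GET /psa/logout.php?PSA_PATH=ftp%253A%252F%252Fhost.invalid%252Finc HTTP/1.0" 200 77 "-" "-"
192.0.2.44 - - [27/Feb/2009:10:01:00 +0000] "GET /psa/logout.php?PSA_PATH=include/ HTTP/1.1" 200 512 "-" "-"
192.0.2.44 - - [27/Feb/2009:10:01:02 +0000] "GET /index.php?PSA_PATH=http://host.invalid/inc HTTP/1.1" 404 0 "-" "-"
'''

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT_RE = re.compile(r"/logout\.php(?:/|$)", re.I)
# URL scheme or PHP stream wrapper (two or more characters, so "C:" is excluded),
# a protocol-relative "//host", or a UNC "\\host" prefix.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]+:|//|\\\\)", re.I)

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding used to slip past single-pass filters."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(target):
    """Return (verdict, value) pairs for each PSA_PATH on a logout.php request."""
    parts = urlsplit(target)
    if not SCRIPT_RE.search(parts.path):
        return []
    findings = []
    for raw in parse_qs(parts.query, keep_blank_values=True).get("PSA_PATH", []):
        value = fully_decode(raw)
        # Assumption: PSA_PATH is meant to be set by the application itself, so any
        # client-supplied value deserves review; a remote one matches this advisory.
        verdict = "remote-include" if REMOTE_RE.match(value) else "client-supplied"
        findings.append((verdict, value))
    return findings

def scan(log_text):
    """Return (line_number, verdict, value) for every suspicious request line."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if match:
            hits.extend((number, v, val) for v, val in classify(match.group(1)))
    return hits
```

Parameters sent in a POST body do not appear in access logs, so this check only covers values passed in the query string.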

Affected Products:

  • PHPSecurityAdmin PHPSecurityAdmin 4.0.2

References: