Cute PHP Library (cphplib) May Incorrectly Validate Parameters
SecurityTracker Alert ID: 1011076
SecurityTracker URL: http://securitytracker.com/id?1011076
CVE Reference: GENERIC-MAP-NOMATCH
OSVDB Reference: 9224
Date: Aug 27 2004
Impact: Modification of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 0.46 and prior versions
Description: A vulnerability was reported in the Cute PHP Library (cphplib). The library may incorrectly validate certain parameters.
The vendor reported that some of the library functions that validate parameters (e.g., password, e-mail address, phone number) contain flawed regular expressions. The library's validation functions may not work properly and may accept parameter contents that are invalid.
Applications that use the library may be adversely affected if they rely on the validation functions for security-relevant processing. The specific impact depends on the application using the affected functions.
The flaw resides in 'cphplib.inc'.
Impact: An application that uses the library may be adversely affected if it relies on the validation functions for security-relevant processing. The specific impact depends on how the application uses the affected functions.
Solution: The vendor has released a fixed version (0.47), available at:
http://www.meindlsoft.com/cphplib_download.php
Vendor URL: www.meindlsoft.com/cphplib.php
Cause: State error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Message History:
None.
Source Message Contents
Date: Aug 27, 2004
Subject: Cute PHP Library (cphplib)
http://www.meindlsoft.com/cphplib_changelog.php
> Cute PHP Library (cphplib) - ChangeLog
> 2004-08-25 - v0.47
> * security fix in regular expressions