ID

VAR-201004-0399


CVE

CVE-2010-1528


TITLE

PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy

Trust: 0.8

sources: JVNDB: JVNDB-2010-005421

DESCRIPTION

PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. Uiga Proxy is a proxy server that allows users behind a firewall/proxy server to access a restricted web site. Successful exploitation of this vulnerability requires the "register_globals" option to be enabled. Uiga Proxy is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

TITLE: Uiga Proxy "content" File Inclusion Vulnerability

SECUNIA ADVISORY ID: SA39313

VERIFY ADVISORY: http://secunia.com/advisories/39313/

DESCRIPTION: A vulnerability has been discovered in Uiga Proxy, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "content" parameter in include/template.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. Successful exploitation requires that "register_globals" is enabled (discouraged for security reasons in README.txt).

SOLUTION: Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY: ItSecTeam

ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/12049

Trust: 2.52

sources: NVD: CVE-2010-1528 // JVNDB: JVNDB-2010-005421 // CNVD: CNVD-2010-0519 // BID: 39365 // PACKETSTORM: 88084

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-0519

AFFECTED PRODUCTS

vendor: uiga, model: proxy, scope: -, version: -

Trust: 1.4

vendor: uiga, model: proxy, scope: eq, version: *

Trust: 1.0

vendor: no, model: -, scope: -, version: -

Trust: 0.6

vendor: uiga, model: proxy, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2010-0519 // BID: 39365 // JVNDB: JVNDB-2010-005421 // CNNVD: CNNVD-201004-410 // NVD: CVE-2010-1528

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1528
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-1528
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201004-410
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2010-1528
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2010-005421 // CNNVD: CNNVD-201004-410 // NVD: CVE-2010-1528

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.8

sources: JVNDB: JVNDB-2010-005421 // NVD: CVE-2010-1528

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201004-410

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201004-410

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-005421

PATCH

title: Top Page, url: http://www.uiga.com/

Trust: 0.8

sources: JVNDB: JVNDB-2010-005421

EXTERNAL IDS

db: NVD, id: CVE-2010-1528

Trust: 3.3

db: SECUNIA, id: 39313

Trust: 2.4

db: BID, id: 39365

Trust: 1.9

db: EXPLOIT-DB, id: 12049

Trust: 1.7

db: OSVDB, id: 63528

Trust: 1.6

db: JVNDB, id: JVNDB-2010-005421

Trust: 0.8

db: CNVD, id: CNVD-2010-0519

Trust: 0.6

db: XF, id: 57515

Trust: 0.6

db: CNNVD, id: CNNVD-201004-410

Trust: 0.6

db: PACKETSTORM, id: 88084

Trust: 0.1

sources: CNVD: CNVD-2010-0519 // BID: 39365 // JVNDB: JVNDB-2010-005421 // PACKETSTORM: 88084 // CNNVD: CNNVD-201004-410 // NVD: CVE-2010-1528

REFERENCES

url:http://www.exploit-db.com/exploits/12049

Trust: 1.7

url:http://www.securityfocus.com/bid/39365

Trust: 1.6

url:http://www.osvdb.org/63528

Trust: 1.6

url:http://secunia.com/advisories/39313

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/57515

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1528

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1528

Trust: 0.8

url:http://secunia.com/advisories/39313/

Trust: 0.7

url:http://xforce.iss.net/xforce/xfdb/57515

Trust: 0.6

url:http://www.uiga.com/

Trust: 0.3

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2010-0519 // BID: 39365 // JVNDB: JVNDB-2010-005421 // PACKETSTORM: 88084 // CNNVD: CNNVD-201004-410 // NVD: CVE-2010-1528

CREDITS

ItSecTeam

Trust: 0.9

sources: BID: 39365 // CNNVD: CNNVD-201004-410

SOURCES

db: CNVD, id: CNVD-2010-0519
db: BID, id: 39365
db: JVNDB, id: JVNDB-2010-005421
db: PACKETSTORM, id: 88084
db: CNNVD, id: CNNVD-201004-410
db: NVD, id: CVE-2010-1528

LAST UPDATE DATE

2025-04-11T23:03:20.869000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2010-0519, date: 2010-04-05T00:00:00
db: BID, id: 39365, date: 2015-04-13T21:02:00
db: JVNDB, id: JVNDB-2010-005421, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-201004-410, date: 2010-04-26T00:00:00
db: NVD, id: CVE-2010-1528, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2010-0519, date: 2010-04-05T00:00:00
db: BID, id: 39365, date: 2010-04-09T00:00:00
db: JVNDB, id: JVNDB-2010-005421, date: 2012-12-20T00:00:00
db: PACKETSTORM, id: 88084, date: 2010-04-05T16:42:56
db: CNNVD, id: CNNVD-201004-410, date: 2010-04-26T00:00:00
db: NVD, id: CVE-2010-1528, date: 2010-04-26T18:30:00.457