Source: acidbase Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for acidbase.
CVE-2012-1198[0]: | base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 | allows remote attackers to execute arbitrary code by uploading | contents of the file with an executable extension via a create action, | then accessing it via a view action. From what I see the remote file inclusion is limited to environments with register_globals being on though. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1198 http://security-tracker.debian.org/tracker/CVE-2012-1198 -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted.
pgpA1VUtg9uUe.pgp
Description: PGP signature
