Symlink Attack Vulnerability in phpCAS by Jasig
CVE-2010-3691
Currently unrated
What is CVE-2010-3691?
The vulnerability is in the PGTStorage/pgt-file.php component of phpCAS and is exposed when proxy mode is enabled. It allows local users to perform a symlink attack, potentially enabling them to overwrite arbitrary files on the system. An attacker who can do so can manipulate file contents or configuration settings, which can lead to further security compromises in applications that rely on phpCAS for authentication. Users should update to phpCAS version 1.1.3 or later to mitigate this risk.
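The general defence against this class of bug, shown as an added example: it is not phpCAS code and not the project's actual fix. The helper name `write_ticket_file()`, the file names and the demo data are hypothetical, and the PHP `posix` extension is assumed to be available.

```php
<?php
declare(strict_types=1);

// Added example, not phpCAS code: write_ticket_file() is a hypothetical helper.
function write_ticket_file(string $dir, string $name, string $data): string
{
    // The storage directory must be a real directory that only we can modify;
    // otherwise another local user can plant or swap entries inside it.
    if (is_link($dir) || !is_dir($dir)) {
        throw new RuntimeException('storage path is not a real directory');
    }
    $st = stat($dir);
    if ($st === false || $st['uid'] !== posix_geteuid() || ($st['mode'] & 0022) !== 0) {
        throw new RuntimeException('storage directory has unsafe owner or mode');
    }
    // Allow plain file names only, so $name cannot leave $dir.
    if (preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]*\z/', $name) !== 1) {
        throw new InvalidArgumentException('unsafe file name');
    }
    $path = $dir . DIRECTORY_SEPARATOR . $name;

    $oldMask = umask(0077);      // the new file is created with mode 0600
    $fh = @fopen($path, 'x');    // 'x' = O_CREAT|O_EXCL: fails on any existing entry, symlinks included
    umask($oldMask);
    if ($fh === false) {
        throw new RuntimeException('could not create file exclusively (path may already exist)');
    }
    try {
        if (fwrite($fh, $data) !== strlen($data)) {
            throw new RuntimeException('short write');
        }
    } finally {
        fclose($fh);
    }
    return $path;
}

// Constructed demo: a symlink already sits where the ticket file would go.
$dir = sys_get_temp_dir() . '/pgt-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents($dir . '/existing.conf', 'original');
symlink($dir . '/existing.conf', $dir . '/PGT-constructed');
try {
    write_ticket_file($dir, 'PGT-constructed', 'ticket-data');
} catch (RuntimeException $e) {
    echo 'write refused: ', $e->getMessage(), PHP_EOL;
}
var_dump(file_get_contents($dir . '/existing.conf') === 'original');
```

Opening with mode `'w'` instead of `'x'` would follow the pre-existing link and truncate whatever it points to, which is the behaviour a symlink attack relies on.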
