Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

4Images <= 1.7.1 Directory Traversal Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Check if 4Images is vulnerable to directory traversal flaws

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that is prone to
directory traversal attacks.

Description :

4Images is installed on the remote system. It is an image gallery
management system.

The installed application does not validate user-input passed in the
'template' variable of the 'index.php' file. This allows a possible hacker
to execute directory traversal attacks and display the content of
sensitive files on the system and possibly to execute arbitrary PHP
code if he can write to local files through some other means.

See also :

Solution :

Upgrade to 4Images version 1.7.2 or sanitize the 'index.php' file as
advised by a forum post (see first URL).

Threat Level:

High / CVSS Base Score : 7

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.