Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

Alexandria-dev upload spoofing Vulnerability Scan

Vulnerability Scan Summary
Searches for the existence of patch/index.php and docman/new.php

Detailed Explanation for this Vulnerability Test

The remote host seems to be running Alexandria-Dev, an open-sourced
project management system.

The CGIs docman/new.php and patch/index.php can be used by a possible hacker
with the proper credentials to upload a file and trick the server
about its real location on the disk. Therefore, a possible hacker may use
this flaw to read arbitrary files on the remote server.

*** Nessus solely relied on the existence of this CGI to issue
*** this alert, so this might be a false positive

Solution : None at this time
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.