Family: CGI abuses --> Category: attack
Alexandria-dev upload spoofing Vulnerability Scan
Vulnerability Scan Summary: Searches for the existence of patch/index.php and docman/new.php
Detailed Explanation for this Vulnerability Test
The remote host seems to be running Alexandria-Dev, an open-source
project management system.
The CGIs docman/new.php and patch/index.php can be used by an attacker
with the proper credentials to upload a file and mislead the server
about the file's real location on disk. An attacker may therefore use
this flaw to read arbitrary files on the remote server.
*** Nessus solely relied on the existence of this CGI to issue
*** this alert, so this might be a false positive
Solution : None at this time
Threat Level: High