|
Family: CGI abuses --> Category: attack
AutoLinks Pro alpath Parameter File Include Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for alpath parameter file include vulnerability in AutoLinks Pro
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that suffers from a remote
file include flaw.
Description :
The remote host is running AutoLinks Pro, a commercial link management
package.
The version of AutoLinks Pro installed on the remote host allows
attackers to control the 'alpath' parameter used when including PHP
code in the 'al_initialize.php' script. By leveraging this flaw, an
unauthenticated attacker is able to view arbitrary files on the remote
host and to execute arbitrary PHP code, possibly taken from third-
party hosts.
Solution :
Unknown at this time.
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|