Family: CGI abuses --> Category: attack
CodeGrrl Applications Remote File Inclusion Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for remote file inclusion vulnerabilities in CodeGrrl applications
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is affected by a
remote file inclusion vulnerability.
The remote host appears to be running at least one of the PHP
applications from CodeGrrl - PHPCalendar, PHPClique, PHPFanBase, or
PHPQuotes. Under certain conditions, these applications fail to
sanitize input to the 'siteurl' parameter of the 'protection.php'
script before using it in a PHP 'include' function. Provided PHP's
'register_globals' setting is enabled, an unauthenticated attacker can
exploit this issue to view arbitrary files on the remote host and to
execute arbitrary PHP code, possibly taken from third-party hosts.
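For triage on a host flagged by this check, the sketch below scans web access logs for requests that pass a 'siteurl' value to 'protection.php'. It is an added example, not part of the plugin or of CodeGrrl's code; the combined log format, the function names and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request portion of an Apache/nginx "combined" log entry (assumed format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# A leading scheme means PHP's include would treat the value as a URL wrapper.
WRAPPER_RE = re.compile(r'^[a-z][a-z0-9+.\-]*://', re.I)

# Constructed sample lines (documentation IP ranges, reserved .invalid host).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cal/index.php HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /cal/protection.php'
    '?siteurl=http%3A%2F%2Fexample.invalid%2Fa HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.9 - - [01/Jan/2024:10:01:12 +0000] "GET /quotes/protection.php'
    '?siteurl=..%2F..%2Fsecret HTTP/1.1" 200 98 "-" "-"',
    '203.0.113.5 - - [01/Jan/2024:10:02:30 +0000] "GET /cal/protection.php HTTP/1.1" 200 40 "-" "-"',
]

def classify_siteurl(value):
    """Label a decoded 'siteurl' value by what an include of it would reach."""
    if WRAPPER_RE.match(value):
        return "remote-or-wrapper"
    if ".." in value or value.startswith("/"):
        return "local-path"
    return "other"

def scan(lines):
    """Return (client_ip, status, label) for each protection.php hit carrying siteurl."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/protection.php"):
            continue
        # parse_qs percent-decodes, so an encoded scheme or path is still recognised.
        # Only query strings appear in access logs; with register_globals the value
        # can also arrive in a POST body or cookie, which this scan cannot see.
        for value in parse_qs(url.query, keep_blank_values=True).get("siteurl", []):
            findings.append((m["ip"], int(m["status"]), classify_siteurl(value)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit with a 200 status only shows the request was served; confirm the host's 'register_globals' setting before treating it as a successful inclusion.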
See also :
Enable PHP's 'register_globals' setting.
Low / CVSS Base Score : 2.3