Family: CGI abuses --> Category: attack
CuteNews code injection Vulnerability Scan
Vulnerability Scan Summary
Searches for the existence of search.php
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is subject to
multiple remote file include attacks.
The version of CuteNews installed on the remote host fails to sanitize
input to the 'cutepath' parameter before using it in various scripts
to include PHP code. An attacker may use this flaw to inject
arbitrary code on the remote host and gain a shell with the privileges
of the web server.
Upgrade to CuteNews 0.89 or newer.
Low / CVSS Base Score : 2.3