|
Family: Gain a shell remotely --> Category: infos
Discuz! <= 4.0.0 rc4 Arbitrary File Upload Flaw Vulnerability Scan
Vulnerability Scan Summary Checks Discuz! version
Detailed Explanation for this Vulnerability Test
The remote host is using Discuz!, a popular web application forum in
China.
According to its version, the installation of Discuz! on the remote host
fails to properly check for multiple extensions in uploaded files. An
attacker may be able to exploit this issue to execute arbitrary commands
on the remote host subject to the rights of the web server user id,
typically nobody.
See also : http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0440.html
Solution : Upgrade to the latest version of this software.
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|