Family: CGI abuses --> Category: attack
ELOG < 2.6.1 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in ELOG < 2.6.1
Detailed Explanation for this Vulnerability Test
The remote web server is affected by multiple flaws.
The remote host appears to be using ELOG, a web-based electronic
The version of ELOG installed on the remote host fails to filter
directory traversal strings before processing GET requests. An
attacker can exploit this issue to retrieve the contents of arbitrary
files from the remote host, subject to the rights under which ELOG
In addition, the application is reportedly affected by a format string
vulnerability in the 'write_logfile'. Provided logging is enabled, an
attacker may be able to exploit this via the 'uname' parameter of the
login form to crash the application or execute arbitrary code
See also :
Upgrade to ELOG version 2.6.1 or later.
Low / CVSS Base Score : 2.3
Click HERE for more information and discussions on this network vulnerability scan.