Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

ELOG < 2.6.1 Multiple Vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
Checks for multiple vulnerabilities in ELOG < 2.6.1

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server is affected by multiple flaws.

Description :

The remote host appears to be using ELOG, a web-based electronic
logbook application.

The version of ELOG installed on the remote host fails to filter
directory traversal strings before processing GET requests. An
attacker can exploit this issue to retrieve the contents of arbitrary
files from the remote host, subject to the rights under which ELOG

In addition, the application is reportedly affected by a format string
vulnerability in the 'write_logfile'. Provided logging is enabled, an
attacker may be able to exploit this via the 'uname' parameter of the
login form to crash the application or execute arbitrary code

See also :

Solution :

Upgrade to ELOG version 2.6.1 or later.

Threat Level:

Low / CVSS Base Score : 2.3

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.