Family: CGI abuses --> Category: attack
Flyspray adodbpath Parameter Remote File Include Vulnerability Scan
Vulnerability Scan Summary :
Checks for the adodbpath parameter remote file include vulnerability in Flyspray
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is affected by a
remote file include vulnerability.
Description :
The remote host is running Flyspray, an open-source, web-based
bug-tracking system written in PHP.
The installed version of Flyspray contains an installation script that
does not require authentication and that fails to sanitize user input
to the 'adodbpath' parameter before passing it to a PHP 'include_once()'
call. An unauthenticated attacker may be able to exploit this
issue to view arbitrary files on the remote host and to execute
arbitrary PHP code, possibly taken from third-party hosts.
See also :
http://retrogod.altervista.org/egs_10rc4_php5_incl_xpl.html
http://www.securityfocus.com/archive/1/424902/30/0/threaded
Solution :
Remove the affected script.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:N/I:P/A:N/B:N)