Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

LifeType profile Parameter Information Disclosure Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Tries to read the configuration file for LifeType

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP script that is prone to an
information disclosure vulnerability.

Description :

The remote host is running LifeType, an open-source blogging platform
written in PHP.

The version of LifeType installed on the remote fails to sanitize
input to the 'profile' parameter of the 'rss.php' script of directory
traversal sequences. An unauthenticated remote attacker can be able
to leverage this flaw to read files on the affected host and disclose
sensitive information, such as configuration parameters used by the

See also :

Solution :

Upgrade to Lifetype 1.1.6 / 1.2-beta2 or later.

Threat Level:

Low / CVSS Base Score : 2.3

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.