Family: CGI abuses --> Category: attack
Limbo com_fm Component PHP Shell Vulnerability Vulnerability Scan
Vulnerability Scan Summary :
Tries to call Limbo's com_fm installer
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains PHP scripts that allow copying of
arbitrary files into the web document directory.
Description :
The remote host is running Limbo CMS, a content-management system
written in PHP.
The 'com_fm' component of the version of Limbo installed on the remote
host allows an unauthenticated remote attacker to copy arbitrary
files, possibly taken from a third-party host, into the web document
directory. An unauthenticated attacker may be able to exploit this
flaw to read files on the affected host or even set up a PHP shell
that would allow execution of arbitrary code, subject to the
rights of the web server user id.
See also :
http://www.securityfocus.com/archive/1/446142/30/0/threaded
Solution :
Unknown at this time.
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)