Family: CGI abuses --> Category: infos
MediaWiki Multiple Remote Vulnerabilities (2) Vulnerability Scan
Vulnerability Scan Summary: Attempts to execute phpinfo() remotely
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a set of PHP scripts that allow an
attacker to execute arbitrary commands on the remote host.
Description :
The remote host appears to be running a version of MediaWiki 1.5 older
than version 1.5.3. Due to improper sanitization of user-supplied
input, the installed version of MediaWiki allows an unauthenticated
remote attacker to execute arbitrary PHP and shell commands on the
remote host subject to the rights of the web server user id.
See also :
http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=375755
Solution:
Upgrade to MediaWiki 1.5.3 or later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)