Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

Multiple Remote Vulnerabilities in myEvent Vulnerability Scan

Vulnerability Scan Summary
Checks for file includes in myevent.php

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that is affected by
multiple vulnerabilities.

Description :

The remote host is running myEvent, a calendar application written in

The installed version of myEvent fails to sanitize user input to the
'myevent_path' parameter in several scripts before using it to include
PHP code from other files. An unauthenticated attacker may be able to
read arbitrary local files or include a file from a remote host that
contains commands which will be executed on the remote host subject to
the rights of the web server process.

In addition, user input to the 'event_id' parameter in 'addevent.php'
and 'del.php', and to the 'event_desc' parameter in 'addevent.php' is
not properly sanitised before being used in a SQL query, which may
allow a possible hacker to insert arbritrary SQL statements in the remote
database. A similar lack of sanitation involving the 'event_desc'
parameter of 'addevent.php' allows for cross-site scripting attacks
against the affected application.

These flaws are exploitable only if PHP's register_globals is enabled.

See also :

Solution :

Unknown at this time.

Threat Level:

High / CVSS Base Score : 7.0

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.