Family: CGI abuses --> Category: attack
Netquery <= 3.11 Arbitrary Command Execution Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for arbitrary command execution vulnerability in Netquery <= 3.11
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is prone to a
arbitrary command execution vulnerability.
The remote host is running Netquery, a suite of network information
utilities written in PHP.
The installed version of Netquery lets a possible hacker execute arbitrary
commands within the context of the affected web server user id by
passing them through the 'host' parameter of the 'nquser.php' script.
See also :
Upgrade to Netquery 3.2 or later, as that is rumored to address the
Medium / CVSS Base Score : 6
Click HERE for more information and discussions on this network vulnerability scan.