Family: CGI abuses --> Category: attack
PHP-Fusion extract() Variable Overwriting Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary: Tries to overwrite $_SERVER[REMOTE_ADDR] with PHP-Fusion
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is affected by a
variable overwriting flaw.
Description :
The version of PHP-Fusion on the remote host supports registering
variables from user-supplied input in the event that PHP's
'register_globals' setting is disabled, which is the default in
current versions of PHP. Unfortunately, the way in which this has
been implemented in the version on the remote host does not restrict
the variables that can be registered. Thus, an unauthenticated remote
attacker can leverage this flaw to launch various attacks against the
affected application.
See also :
http://retrogod.altervista.org/phpfusion_6-01-4_xpl.html
http://www.securityfocus.com/archive/1/445480/30/0/threaded
Solution :
Unknown at this time.
Threat Level:
Low / CVSS Base Score : 1.9
(AV:R/AC:H/Au:NR/C:N/I:P/A:N/B:N)