Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

PHP-Fusion extract() Variable Overwriting Vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
Tries to overwrite $_SERVER[REMOTE_ADDR] with PHP-Fusion

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP script that is affected by a
variable overwriting flaw.

Description :

The version of PHP-Fusion on the remote host supports registering
variables from user-supplied input in the event that PHP's
'register_globals' setting is disabled, which is the default in
current versions of PHP. Unfortunately, the way in which this has
been implemented in the version on the remote host does not restrict
the variables that can be registered. Thus, an unauthenticated remote
attacker can leverage this flaw to launch various attacks against the
affected application.

See also :

Solution :

Unknown at this time.

Threat Level:

Low / CVSS Base Score : 1.9

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.