|
Family: CGI abuses --> Category: attack
PHP-Update blog.php Variable Overwriting Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks if variables can be overwritten with PHP-Update's blog.php
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is affected by a data
modification vulnerability.
Description :
The remote host is running PHP-Update, a content management system
written in PHP.
The version of PHP-Update installed on the remote host fails to
sanitize user-supplied arguments to the 'blog.php' script before
importing them into the global symbol table. By leveraging this flaw,
an unauthenticated remote attacker can gain control of the application
and possibly execute arbitrary code on the remote host, subject to the
permissions of the web server user id.
See also :
http://www.milw0rm.com/exploits/2953
Solution :
Unknown at this time.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|