Family: CGI abuses --> Category: attack
PHPNews auth.php Remote File Include Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Detects remote file include vulnerability in auth.php in PHPNews
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that suffers from a remote
file include vulnerability.
The remote host is running PHPNews, an open-source news application
written in PHP.
The installed version of PHPNews has a remote file include
vulnerability in the script 'auth.php'. By leveraging this flaw, a
attacker can cause arbitrary PHP code to be executed on the remote
host using the permissions of the web server user.
See also :
Upgrade to PHPNews 1.2.5 or greater or make sure PHP's
'register_globals' and 'allow_url_fopen' settings are disabled.
Medium / CVSS Base Score : 6
Click HERE for more information and discussions on this network vulnerability scan.