Family: CGI abuses --> Category: attack
PPA ppa_root_path Variable File Include Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for ppa_root_path variable file include vulnerability in PPA
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is prone to a remote
file include attack.
The remote host is running PPA, a free, PHP-based photo gallery.
The installed version of PPA allows remote attackers to control the
'config[ppa_root_path]' variable used when including PHP code in the
'inc/functions.inc.php' script. By leveraging this flaw, a possible hacker
may be able to view arbitrary files on the remote host and execute
arbitrary PHP code, possibly taken from third-party hosts.
See also :
Ensure that PHP's 'magic_quotes_gpc' setting is enabled and that
'allow_url_fopen' is disabled.
High / CVSS Base Score : 7
Click HERE for more information and discussions on this network vulnerability scan.