Family: CGI abuses --> Category: attack
RCBlog post Parameter Directory Traversal Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for directory traversal in RCBlog index.php script
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is prone to directory
The remote host is running RCBlog, a blog written in PHP.
The remote version of this software fails to sanitize user-supplied
input to the 'post' parameter of the 'index.php' script. An attacker
can use this to access arbitrary files on the remote host provided
PHP's 'magic_quotes' setting is disabled or, regardless of that
setting, files with a '.txt' extension such as those used by the
application to store administrative credentials.
Remove the application as its author no longer supports it.
Low / CVSS Base Score : 2.3