Family: CGI abuses --> Category: attack
SAXoPRESS url Parameter Directory Traversal Vulnerability Scan
Vulnerability Scan Summary
Tries to retrieve a file using SAXoPRESS
Detailed Explanation for this Vulnerability Test
The remote web server contains an application that is prone to
directory traversal attacks.
The remote host is running SAXoPRESS or Publicus, web content
management systems commonly used by newspapers.
The installation of SAXoPRESS / Publicus on the remote host fails to
validate user input to the 'url' parameter of the 'apps/pbcs.dll'
script. An attacker can exploit this issue to access files on the
remote host via directory traversal, subject to the privileges of the
web server user ID.
See also :
Unknown at this time.
High / CVSS Base Score : 7.0