Family: CGI abuses --> Category: attack
SQLiteManager SQLiteManager_currentTheme Cookie Local File Include Vulnerability Scan
Vulnerability Scan Summary :
Tries to read a local file with SQLiteManager
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is susceptible to a
local file include attack.
Description :
The remote host is running SQLiteManager, a web-based application for
managing SQLite databases.
The version of SQLiteManager installed on the remote host fails to
sanitize user input to the 'SQLiteManager_currentTheme' cookie before
using it to include PHP code in 'include/config.inc.php'. An
unauthenticated remote attacker may be able to exploit this issue to
view arbitrary files or to execute arbitrary PHP code on the remote
host, subject to the rights of the web server user id.
See also :
http://www.securityfocus.com/archive/1/461304/30/0/threaded
Solution :
Unknown at this time.
Threat Level:
Medium / CVSS Base Score : 5.6
(AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N)