Family: CGI abuses --> Category: attack
SQLiteManager SQLiteManager_currentTheme Cookie Local File Include Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Tries to read a local file with SQLiteManager
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is susceptible to a
local file include attack.
The remote host is running SQLiteManager, a web-based application for
managing SQLite databases.
The version of SQLiteManager installed on the remote host fails to
sanitize user input to the 'SQLiteManager_currentTheme' cookie before
using it to include PHP code in 'include/config.inc.php'. An
unauthenticated remote attacker may be able to exploit this issue to
view arbitrary files or to execute arbitrary PHP code on the remote
host, subject to the rights of the web server user id.
See also :
Unknown at this time.
Medium / CVSS Base Score : 5.6
Click HERE for more information and discussions on this network vulnerability scan.