Family: CGI abuses --> Category: attack
SiteBuilder-FX admindir Parameter Remote File Include Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Tries to read a local file using SiteBuilder-FX
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is prone to a
remote file include attack.
The remote host is running SiteBuilder-FX, a web-based design system
written in PHP.
The version of SiteBuilder-FX installed on the remote host fails to
sanitize input to the 'admindir' parameter of the 'admin/top.php'
script before using it to include PHP code. Regardless of the setting
of PHP's 'register_globals', an unauthenticated attacker may be able
to exploit these flaws to view arbitrary files on the remote host or
to execute arbitrary PHP code, possibly taken from third-party hosts.
Unknown at this time.
Medium / CVSS Base Score : 5.6
Click HERE for more information and discussions on this network vulnerability scan.