Family: CGI abuses --> Category: attack
Stadtaus Form Mail Script Remote File Include Vulnerability Scan
Vulnerability Scan Summary :
Detects file include vulnerabilities in Stadtaus' PHP Scripts
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is affected by a
remote file include flaw.
Description :
There is a version of Form Mail Script, a PHP script by Ralf Stadtaus,
installed on the remote host that suffers from a remote file include
vulnerability involving the 'script_root' parameter of the
'inc/formmail.inc.php' script. By leveraging this flaw, an attacker
may be able to view arbitrary files on the remote host or to execute
arbitrary PHP code, possibly taken from third-party hosts if PHP's
'register_globals' setting is enabled.
See also :
http://archives.neohapsis.com/archives/bugtraq/2005-03/0083.html
http://www.stadtaus.com/forum/p-5887.html
Solution :
Upgrade to Form Mail Script version 2.4 or later.
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)