Family: CGI abuses --> Category: attack
Stadtaus Form Mail Script Remote File Include Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Detects file include vulnerabilities in Stadtaus' PHP Scripts
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is affected by a
remote file include flaw.
There is a version of Form Mail Script, a PHP script by Ralf Stadtaus,
installed on the remote host that suffers from a remote file include
vulnerability involving the 'script_root' parameter of the
'inc/formmail.inc.php' script. By leveraging this flaw, a possible hacker
may be able to view arbitrary files on the remote host or to execute
arbitrary PHP code, possibly taken from third-party hosts if PHP's
'register_globals' setting is enabled.
See also :
Upgrade to Form Mail Script version 2.4 or later.
Medium / CVSS Base Score : 6
Click HERE for more information and discussions on this network vulnerability scan.