Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: CGI abuses --> Category: destructive_attack

UBB.threads doeditconfig Command Injection Vulnerability Scan

Vulnerability Scan Summary
Tries to exploit a command injection flaw in UBB.threads.

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP script that allows injection of
arbitrary PHP commands.

Description :

The version of UBB.threads installed on the remote host fails to
sanitize input to the 'thispath' and 'config' parameters of the
'admin/doeditconfig.php' script before using them to update the
application's configuration file. Provided PHP's 'register_globals'
setting is enabled, an unauthenticated attacker may be able to exploit
this flaw to modify configuration settings for the affected
application and even inject arbitrary PHP code to be executed
whenever the config file is loaded.

Solution :

Either disable PHP's 'register_globals' setting or upgrade to UBB.threads
6.5.5 or later.

Threat Level:

High / CVSS Base Score : 7.0
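
Added example (not part of the scanner plugin or of UBB.threads): a log check a defender could run to find requests that reached 'admin/doeditconfig.php' carrying the 'thispath' or 'config' parameters described above. It assumes the Apache/nginx "combined" access-log format; the sample lines, IP addresses and values are constructed.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote

SCRIPT = "/admin/doeditconfig.php"   # script named in the advisory
PARAMS = {"thispath", "config"}      # parameters named in the advisory

# Assumption: Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def classify(line):
    """Return a finding dict for a request to the script, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    raw_path, _, query = m["target"].partition("?")
    # Decode and normalise so //admin/./ and %-encoded spellings still match.
    path = posixpath.normpath(unquote(raw_path)).lower()
    if not path.endswith(SCRIPT):
        return None
    # PHP accepts array-style names (name[key]=...); compare the part before '['.
    names = {k.split("[", 1)[0].lower()
             for k in parse_qs(query, keep_blank_values=True)}
    hit = sorted(names & PARAMS)
    # POST bodies never reach the access log, so a request with no visible
    # parameters is still reported, at lower priority, for manual review.
    return {"ip": m["ip"], "method": m["method"], "status": int(m["status"]),
            "params": hit, "priority": "high" if hit else "review"}

def scan(lines):
    """Return findings for every parsable line that targets the script."""
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (documentation IP ranges, placeholder values).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /forum/showflat.php?Number=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2006:10:00:05 +0000] "GET /forum/admin/doeditconfig.php?thispath=EXAMPLE&config%5Btitle%5D=EXAMPLE HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.7 - - [01/Jan/2006:10:00:09 +0000] "POST /forum//admin/./doeditconfig.php HTTP/1.1" 200 298 "-" "-"',
    'not an access log line',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Any "high" finding from a host running a release earlier than 6.5.5 with 'register_globals' enabled warrants comparing the application's configuration file against a known-good copy.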
