Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

Ultimate PHP Board username Parameter Arbitrary Command Execution Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Tries to run a command with Ultimate PHP Board

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP script that allows injection of
arbitrary PHP code.

Description :

The remote host is running Ultimate PHP Board (UPB).

The version of UPB installed on the remote host does not sanitize
input to the 'username' parameter of the 'chat/login.php' script
before writing it to 'chat/text.php'. Regardless of PHP's settings,
a possible hacker can leverage this flaw to inject arbitrary PHP code into
the second file and then retrieve that to have the code executed on
the affected host subject to the rights of the web server user id.

See also :

Solution :

Unknown at this time.

Threat Level:

High / CVSS Base Score : 7.0

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.