Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

WEBalbum Local File Include Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Checks for file includes in index.php

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that is affected by a
local file include vulnerability.

Description :

The remote host is running WEBalbum, a photo album application written
in PHP.

The installed version of WEBalbum fails to sanitize user input to the
'skin2' cookie in 'inc/inc_main.php' before using it to include
arbitrary files. An unauthenticated attacker may be able to read
arbitrary local files or include a local file that contains commands
which will be executed on the remote host subject to the rights of
the web server process.

This flaw is only exploitable if PHP's 'magic_quotes_gpc' is disabled.

See also :

Solution :

Unknown at this time.

Threat Level:

Medium / CVSS Base Score : 6

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.