|
Family: CGI abuses --> Category: attack
WEBalbum Local File Include Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for file includes in index.php
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by a
local file include vulnerability.
Description :
The remote host is running WEBalbum, a photo album application written
in PHP.
The installed version of WEBalbum fails to sanitize user input to the
'skin2' cookie in 'inc/inc_main.php' before using it to include
arbitrary files. An unauthenticated attacker may be able to read
arbitrary local files or include a local file that contains commands
which will be executed on the remote host subject to the rights of
the web server process.
This flaw is only exploitable if PHP's 'magic_quotes_gpc' is disabled.
See also :
http://milw0rm.com/exploits/1608
Solution :
Unknown at this time.
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|