Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

WebAdmin < 3.2.5 Multiple Vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
Checks version of WebAdmin

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a CGI application that is affected by
multiple issues.

Description :

The remote host is running WebAdmin, a web-based remote administration
tool for Alt-N MDaemon.

According to its banner, the installed version of WebAdmin fails to
properly filter directory traversal sequences from the 'file'
parameter of the 'logfile_view.wdm' and 'configfile_view.wdm' scripts.
A global administrator can leverage this issue to read and write to
arbitrary files on the affected host, subject to the rights of the
web server user id, which in the case WebAdmin's internal web server
is used, is LOCAL SYSTEM.

In addition, the affected application also reportedly allows a domain
administrator to edit the account of a global administrator, which can
be leveraged to login as the global administrator by changing his

See also :

Solution :

Upgrade to WebAdmin 3.2.5 or later.

Threat Level:

High / CVSS Base Score : 7.0

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.