Family: CGI abuses --> Category: attack
e107 ePing Plugin Arbitrary Code Execution Vulnerability Scan
Vulnerability Scan Summary
Checks for arbitrary code execution vulnerability in e107 ePing plugin
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is prone to arbitrary
The installation of e107 on the remote host includes the ePing plugin.
This plugin fails to sanitize the 'eping_cmd', 'eping_count' and/or
'eping_host' parameters of the 'doping.php' script before using them
in a system() call. An attacker can exploit this flaw to execute
arbitrary shell commands with the privileges of the user ID under
which the affected application runs.
Upgrade to ePing plugin version 1.03 or later.
High / CVSS Base Score : 7