Family: CGI abuses --> Category: attack
e107 eTrace Plugin Arbitrary Code Execution Vulnerability (Vulnerability Scan)
Vulnerability Scan Summary
Checks for arbitrary code execution vulnerability in e107 eTrace plugin
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is prone to arbitrary
The installation of e107 on the remote host includes the eTrace
plugin. This plugin fails to sanitize the 'etrace_cmd' and
'etrace_host' parameters of the 'dotrace.php' script before using them
in a system() call. An attacker can exploit this flaw to execute
arbitrary shell commands with the privileges of the user ID under
which the affected application runs.
Upgrade to eTrace plugin version 1.03 or later.
High / CVSS Base Score: 7