Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

phpSysInfo < 2.4.1 Multiple Vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
Checks for multiple vulnerabilities in phpSysInfo < 2.4.1

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that is affected by
multiple vulnerabilities.

Description :

The remote host is running phpSysInfo, a PHP application that parses
the /proc entries on Linux/Unix systems and displays them in HTML.

The installed version of phpSysInfo on the remote host has a design
flaw in its globalization layer such that the script's variables can
be overwritten independent of PHP's 'register_globals' setting. By
exploiting this issue, a possible hacker may be able to read arbitrary files
on the remote host (if PHP's 'magic_quotes_gpc' setting is off) and
even execute arbitrary PHP code, both subject to the rights of the
web server user id.

In addition, the application fails to sanitize user-supplied input
before using it in dynamically-generated pages, which can be used to
conduct cross-site scripting and HTTP response splitting attacks.

See also :

Solution :

Upgrade to phpSysInfo 2.4.1 or later.

Threat Level:

Low / CVSS Base Score : 2.3

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.