Family: CGI abuses --> Category: attack
phpWebNotes t_path_core Parameter File Include Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for t_path_core parameter file include vulnerability in phpWebNotes
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that allows for arbitrary
The remote host is running phpWebNotes, an open-source page annotation
system modelled after php.net.
The version of phpWebNotes installed on the remote host allows
attackers to control the 't_path_core' parameter used when including
PHP code in the 'core/api.php' script. By leveraging this flaw, an
attacker is able to view arbitrary files on the remote host and
execute arbitrary PHP code, possibly taken from third-party hosts.
See also :
Unknown at this time.
High / CVSS Base Score : 7
Click HERE for more information and discussions on this network vulnerability scan.