Family: CGI abuses --> Category: infos
viewpage.php arbitrary file reading Vulnerability Scan
Vulnerability Scan Summary
viewpage.php is vulnerable to an exploit which lets an attacker view any file that the cgi/httpd user has access to.
Detailed Explanation for this Vulnerability Test
viewpage.php (part of PHP-Nuke) does not filter user-supplied
As a result, a possible hacker may use it to read arbitrary files on
the remote host by supplying a bogus value to the 'file' parameter
of this CGI.
Solution : Do not use php-nuke.
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.