|
Family: CGI abuses --> Category: attack
zenTrack Files Reading Vulnerability Scan
Vulnerability Scan Summary Searches for the existence of zenTrack's index.php
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is prone to file
disclosure attacks.
Description :
It is possible to make the remote web server show the content
of arbitrary files by making requests like :
index.php?configFile=../../../../../../../../../../etc/passwd
See also :
http://www.securityfocus.com/archive/1/324264/2003-06-04/2003-06-10/0
http://sourceforge.net/forum/forum.php?forum_id=283172
Solution :
Upgrade to zenTrack 2.4.2 or later.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|