|
|
Family: CGI abuses --> Category: attack
4Images <= 1.7.1 Directory Traversal Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Check if 4Images is vulnerable to directory traversal flaws
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is prone to
directory traversal attacks.
Description :
4Images is installed on the remote system. It is an image gallery
management system.
The installed application does not validate user-input passed in the
'template' variable of the 'index.php' file. This allows a possible hacker
to execute directory traversal attacks and display the content of
sensitive files on the system and possibly to execute arbitrary PHP
code if he can write to local files through some other means.
See also :
http://www.4homepages.de/forum/index.php?topic=11855.0
http://secunia.com/advisories/19026/
Solution :
Upgrade to 4Images version 1.7.2 or sanitize the 'index.php' file as
advised by a forum post (see first URL).
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
