|
Family: CGI abuses --> Category: infos
Basilix includes download Vulnerability Scan
Vulnerability Scan Summary Searches for the existence of include files
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is prone to
information disclosure.
Description :
It is possible to download the include files on the remote BasiliX
webmail service. A possible hacker may use these to obtain the MySQL
authentication credentials.
See also :
http://www.securityoffice.net/articles/basilix/index.php
Solution :
Put a handler in your web server for the .inc and .class files.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)
Click HERE for more information and discussions on this network vulnerability scan.
|