Family: CGI abuses --> Category: attack
Drupal Comment Code Execution Vulnerability Scan
Vulnerability Scan Summary: Tries to execute a command via Drupal
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that allows execution
of arbitrary code.
Description :
The version of Drupal installed on the remote host is configured to
support arbitrary PHP code in comments. An attacker can leverage this
issue to preview a comment and have it interpreted as PHP code, which
results in the code being executed on the affected host with the
privileges of the web server user id.
Solution :
Review the configuration of input filters, especially those available
to anonymous users.
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)