Family: CGI abuses --> Category: infos
FUDforum < 2.7.1 Avatar Upload Vulnerability Scan
Vulnerability Scan Summary: Checks for avatar upload vulnerability in FUDforum < 2.7.1
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that allows for
arbitrary code execution.
Description :
The remote host is running FUDforum, an open-source web forum written
in PHP.
According to its banner, the version of FUDforum installed on the
remote host may allow an authenticated attacker to upload a file with
arbitrary PHP code as an avatar image and later run that code subject
to the rights of the web server user id.
See also :
http://archives.neohapsis.com/archives/bugtraq/2005-08/0394.html
http://fudforum.org/forum/index.php?t=msg&th=5470&start=0&
Solution :
Upgrade to FUDforum 2.7.1 or later.
Threat Level:
Low / CVSS Base Score : 3
(AV:R/AC:H/Au:R/C:P/A:P/I:P/B:N)