|
Family: CGI abuses --> Category: attack
Free Articles Directory Remote File Inclusion Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for file includes in Free Articles Directory
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by a
remote file include vulnerability.
Description :
The remote host is running Free Articles Directory, a CMS written in
PHP.
The installed version of Free Articles Directory fails to sanitize
user input to the 'page' parameter in index.php. An unauthenticated
attacker may be able to read arbitrary local files or include a file
from a remote host that contains commands which will be executed by
the vulnerable script, subject to the rights of the web server
process.
See also :
http://archives.neohapsis.com/archives/bugtraq/2006-03/0396.html
Solution :
Unknown at this time.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|