|
Family: CGI abuses --> Category: attack
Multiple Remote Vulnerabilities in myEvent Vulnerability Scan
Vulnerability Scan Summary Checks for file includes in myevent.php
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
multiple vulnerabilities.
Description :
The remote host is running myEvent, a calendar application written in
PHP.
The installed version of myEvent fails to sanitize user input to the
'myevent_path' parameter in several scripts before using it to include
PHP code from other files. An unauthenticated attacker may be able to
read arbitrary local files or include a file from a remote host that
contains commands which will be executed on the remote host subject to
the rights of the web server process.
In addition, user input to the 'event_id' parameter in 'addevent.php'
and 'del.php', and to the 'event_desc' parameter in 'addevent.php' is
not properly sanitised before being used in a SQL query, which may
allow a possible hacker to insert arbritrary SQL statements in the remote
database. A similar lack of sanitation involving the 'event_desc'
parameter of 'addevent.php' allows for cross-site scripting attacks
against the affected application.
These flaws are exploitable only if PHP's register_globals is enabled.
See also :
http://seclists.org/lists/bugtraq/2006/Apr/0331.html
Solution :
Unknown at this time.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|