|
Family: CGI abuses --> Category: mixed
Multiple Vulnerabilities in yappa-ng < 2.3.2 Vulnerability Scan
Vulnerability Scan Summary Checks for multiple vulnerabilities in yappa-ng < 2.3.2
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains several PHP scripts that are prone to
multiple flaws, including arbitrary file inclusion.
Description :
The version of yappa-ng installed on the remote host is prone to
multiple file include and cross-site scripting vulnerabilities due to
its failure to sanitize user-supplied script input when calling
various include scripts directly.
By exploiting the file include vulnerabilities, a possible hacker can read
arbitrary files on the remote host and possibly even run arbitrary
code, subject to the rights of the web server process. And by
exploiting the cross-site scripting vulnerabilities, he can cause
arbitrary script and HTML code to be run in a user's browser within
the context of the affected web site.
See also :
http://www.gulftech.org/?node=research&article_id=00074-05112005
http://sourceforge.net/mailarchive/forum.php?thread_id=7121653&forum_id=30266
Solution :
Upgrade to yappa-ng 2.3.2 or later.
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|