|
Family: CGI abuses --> Category: attack
Netquery <= 3.11 Arbitrary Command Execution Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for arbitrary command execution vulnerability in Netquery <= 3.11
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is prone to a
arbitrary command execution vulnerability.
Description :
The remote host is running Netquery, a suite of network information
utilities written in PHP.
The installed version of Netquery lets a possible hacker execute arbitrary
commands within the context of the affected web server user id by
passing them through the 'host' parameter of the 'nquser.php' script.
See also :
http://retrogod.altervista.org/netquery311.html
Solution :
Upgrade to Netquery 3.2 or later, as that is rumored to address the
issue.
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|