|
Family: CGI abuses --> Category: attack
Netref Cat_for_gen.PHP Remote PHP Script Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary Netref Cat_for_gen.PHP Remote PHP Script Injection Vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is running the Netref directory script, written in
PHP.
There is a vulnerability in the installed version of Netref that
enables a remote attacker to pass arbitrary PHP script code through
the 'ad', 'ad_direct', and 'm_for_racine' parameters of the
'cat_for_gen.php' script. This code will be executed on the remote
host under the rights of the web server userid.
Solution : Upgrade to Netref 4.3 or later.
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|