|
|
Family: CGI abuses --> Category: destructive_attack
PHP Easy Download admin/save.php Paramater Code Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Tries to inject PHP code into remote web server.
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is affected by a
remote code execution issue.
Description:
The version of PHP Easy Download installed on the remote host fails to
sanitize input to the 'moreinfo' parameter before using it in the
'save.php' script. By sending a specially-crafted value, a possible hacker
can store and execute code at the privilege level of the remote web
server.
See also :
http://www.milw0rm.com/exploits/2812
Solution :
Unknown at this time.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
