Family: CGI abuses --> Category: attack
PHP-Fusion <= 6.00.105 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary : Checks for multiple vulnerabilities in PHP-Fusion <= 6.00.105
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that suffers from two
vulnerabilities.
Description :
According to its banner, the remote host is running a version of
PHP-Fusion that suffers from two vulnerabilities :
- An Information Disclosure Vulnerability
PHP-Fusion stores database backups in a known location
within the web server's documents directory. An attacker
may be able to retrieve these backups and obtain
password hashes or other sensitive information from the
database.
- Multiple Cross-Site Scripting Vulnerabilities
An attacker can inject malicious HTML and script code
into the 'news_body', 'article_description', and
'article_body' parameters when submitting news or an
article.
See also :
http://dark-assassins.com/forum/viewtopic.php?t=142
http://dark-assassins.com/forum/viewtopic.php?t=145
Solution :
Upgrade to PHP-Fusion 6.00.106 or later.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)