|
Family: CGI abuses --> Category: attack
PHP-Kit Multiple Flaws Vulnerability Scan
Vulnerability Scan Summary Check for SQL Injection in PHPKIT
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
several issues.
Description :
The remote host is running PHP-Kit, an open-source content management
system written in PHP.
The remote version of this software is vulnerable to multiple remote
and local code execution, SQL injection and cross-site scripting
flaws.
See also :
http://marc.theaimsgroup.com/?l=bugtraq&m=110117116115493&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=112474427221031&w=2
http://www.hardened-php.net/advisory_212005.80.html
http://retrogod.altervista.org/phpkit_161r2_incl_xpl.html
http://www.securityfocus.com/archive/1/429249/30/0/threaded
Solution :
Remove the application as it is no longer maintained.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|