|
|
Family: CGI abuses --> Category: attack
PHProjekt Unspecified Authentication Bypass Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Uses a form-POST method to enter the configuration page
Detailed Explanation for this Vulnerability Test
The remote host is running PHProjekt, open-source PHP Groupware
package. It runs on most Linux and Unix variants, in addition
to Microsoft Windows operating systems.
An unspecified authentication bypass vulnerability is present in the
'setup.php' source file and may be exploited by a remote attacker to gain
access to the 'setup.php' file without requiring authentication. The
'setup.php' file may then be employed to make administrative
configuration changes to the PHPProjekt website.
Solution : Upgrade setup.php to the fixed version - setup.php,v 1.3
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
