|
Family: CGI abuses --> Category: attack
PPA ppa_root_path Variable File Include Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for ppa_root_path variable file include vulnerability in PPA
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is prone to a remote
file include attack.
Description :
The remote host is running PPA, a free, PHP-based photo gallery.
The installed version of PPA allows remote attackers to control the
'config[ppa_root_path]' variable used when including PHP code in the
'inc/functions.inc.php' script. By leveraging this flaw, a possible hacker
may be able to view arbitrary files on the remote host and execute
arbitrary PHP code, possibly taken from third-party hosts.
See also :
http://securitytracker.com/alerts/2005/Jul/1014436.html
Solution :
Ensure that PHP's 'magic_quotes_gpc' setting is enabled and that
'allow_url_fopen' is disabled.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|