Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: CGI abuses --> Category: attack

RunCms bbPath Parameter Remote File Include Vulnerability Scan


Vulnerability Scan Summary
Checks for bbPath parameter remote file include vulnerability in RunCms

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that is susceptible
to remote file include attacks.

Description :

The remote host appears to be running RunCms, a content-management
system written in PHP.

The installed version of RunCms fails to validate user input to the
'bbPath' parameter of two scripts. An unauthenticated attacker may be
able to leverage this issue to view arbitrary files on the remote host
or to execute arbitrary PHP code, possibly taken from third-party
hosts.

Note that successful exploitation requires that PHP's
'register_globals' setting be enabled.

See also :

http://www.runcms.org/public/modules/news/

Solution :

Upgrade to RunCms 1.3a or later.

Threat Level:

Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)


VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051
