Family: CGI abuses --> Category: attack
SiteBuilder-FX admindir Parameter Remote File Include Vulnerability Scan
Vulnerability Scan Summary :
Tries to read a local file using SiteBuilder-FX
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is prone to a
remote file include attack.
Description :
The remote host is running SiteBuilder-FX, a web-based design system
written in PHP.
The version of SiteBuilder-FX installed on the remote host fails to
sanitize input to the 'admindir' parameter of the 'admin/top.php'
script before using it to include PHP code. Regardless of the setting
of PHP's 'register_globals', an unauthenticated attacker may be able
to exploit this flaw to view arbitrary files on the remote host or
to execute arbitrary PHP code, possibly taken from third-party hosts.
Solution :
Unknown at this time.
Threat Level:
Medium / CVSS Base Score : 5.6
(AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N)