|
|
Family: CGI abuses --> Category: attack
SysCP < 1.2.11 Multiple Script Execution Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple script execution vulnerabilities in SysCP < 1.2.11
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is affected by remote
code execution vulnerabilities.
Description :
The remote host is running SysCP, an open-source control panel written
in PHP.
The version of SysCP installed on the remote host uses user-supplied
input to several variables in various scripts without sanitizing it.
Provided PHP's 'register_globals' setting is enabled, a possible hacker can
exploit these flaws to pass arbitrary PHP code to the application's
internal template engine for execution or to affect the application's
use of include files.
See also :
http://www.hardened-php.net/advisory_132005.64.html
Solution :
Upgrade to SysCP version 1.2.11 or later.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
