|
Family: CGI abuses --> Category: attack
YaPiG Password Protected Directory Access Flaw Vulnerability Scan
Vulnerability Scan Summary Checks for YaPiG version
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is prone to an
information disclosure flaw.
Description :
The remote host is running YaPiG, a web-based image gallery written in
PHP.
The remote version of this software contains a flaw that can let a
malicious user view images in password protected directories.
Successful exploitation of this issue may allow a possible hacker to access
unauthorized images on a vulnerable server.
See also :
http://sourceforge.net/tracker/index.php?func=detail&aid=842990&group_id=93674&atid=605076
http://sourceforge.net/tracker/index.php?func=detail&aid=843736&group_id=93674&atid=605076
Solution :
Unknown at this time.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|