|
|
Family: CGI abuses --> Category: attack
ezUpload <= 2.2 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in ezUpload <= 2.2
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
multiple flaws.
Description :
The remote host appears to be running ezUpload, a commercial upload
script written in PHP.
The installed version of ezUpload allows remote attackers to control
the 'path' and 'mode' parameters used when including PHP code in
several scripts. By leveraging this flaw, a possible hacker may be able to
view arbitrary files on the remote host and execute arbitrary PHP
code, possibly taken from third-party hosts. Successful exploitation
may depend on PHP's 'magic_quotes_gpc' and 'allow_url_fopen' settings.
In addition, it reportedly fails to sanitize input passed to various
parameters in the search module before using it in database queries,
which opens the application up to SQL injection as well as cross-site
scripting attacks.
See also :
http://packetstorm.linuxsecurity.com/0508-exploits/ezuploadRemote.txt
http://pridels.blogspot.com/2005/12/ezupload-pro-vuln.html
Solution :
Unknown at this time.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
