|
|
Family: CGI abuses --> Category: attack
phpWebNotes t_path_core Parameter File Include Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for t_path_core parameter file include vulnerability in phpWebNotes
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that allows for arbitrary
code execution.
Description :
The remote host is running phpWebNotes, an open-source page annotation
system modelled after php.net.
The version of phpWebNotes installed on the remote host allows
attackers to control the 't_path_core' parameter used when including
PHP code in the 'core/api.php' script. By leveraging this flaw, an
attacker is able to view arbitrary files on the remote host and
execute arbitrary PHP code, possibly taken from third-party hosts.
See also :
http://www.securityfocus.com/archive/1/409411/30/0/threaded
Solution :
Unknown at this time.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
