|
Family: CGI abuses --> Category: mixed
w-Agora <= 4.2.0 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Checks for multiple vulnerabilities in w-Agora <= 4.2.0
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
multiple vulnerabilities.
Description :
The version of w-Agora installed on the remote host fails to validate
files uploaded with the 'browse_avatar.php' and 'insert.php' scripts,
which allows a possible hacker to upload scripts with arbitrary PHP code and
then to execute it subject to the rights of the web server user
id. In addition, it also does not validate the 'site' parameter of
the 'extras/quicklist.php' script before using that to include files,
which can exploited to read arbitrary files if the remote host is
running Windows.
Solution :
Unknown at this time.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|