Test ID: | 1.3.6.1.4.1.25623.1.0.200011 |
Category: | Web application abuses |
Title: | Docebo GLOBALS Variable Overwrite Vulnerability |
Summary: | The remote host contains a PHP application that is vulnerable to remote and local file inclusions. Description: At least one Docebo application is installed on the system. Docebo has multiple PHP based applications, including a content management system (DoceboCMS), an e-learning platform (DoceboLMS) and a knowledge maintenance system (DoceboKMS). By using a flaw in some PHP versions (PHP4 <= 4.4.0 and PHP5 <= 5.0.5) it is possible to include files by overwriting the $GLOBALS variable. This flaw exists if PHP's register_globals is enabled. |
Description: | Summary: The remote host contains a PHP application that is vulnerable to remote and local file inclusions. Description: At least one Docebo application is installed on the system. Docebo has multiple PHP based applications, including a content management system (DoceboCMS), an e-learning platform (DoceboLMS) and a knowledge maintenance system (DoceboKMS). By using a flaw in some PHP versions (PHP4 <= 4.4.0 and PHP5 <= 5.0.5) it is possible to include files by overwriting the $GLOBALS variable. This flaw exists if PHP's register_globals is enabled. Solution: Disable PHP's register_globals and/or upgrade to a newer PHP release. CVSS Score: 5.1. CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P |
Cross-reference: |
BugTraq ID: 18109
Common Vulnerability Exposure (CVE) ID: CVE-2006-2576
Bugtraq: 20060609 Docebo Kms 3.0.3, Remote command execution (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2006-06/0113.html
https://www.exploit-db.com/exploits/1817
http://www.osvdb.org/25757
http://www.osvdb.org/26711
http://secunia.com/advisories/20260
http://www.vupen.com/english/advisories/2006/1935
XForce ISS Database: docebo-multiple-file-include(26633)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26633
Common Vulnerability Exposure (CVE) ID: CVE-2006-2577 |
Copyright | Copyright (C) 2008 Ferdy Riphagen |