Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.200005 |
Kategorie: | Web application abuses |
Titel: | Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability |
Zusammenfassung: | The remote system contains a PHP application that is prone to; remote file inclusions attacks.;; Description :;; Aardvark Topsites PHP is installed on the remote host. It is; an open source Toplist management system written in PHP.;; The application does not sanitize user-supplied input to; the 'CONFIG[PATH]' variable in some PHP files. This allows; an attacker to include arbitrary files from remote systems, and; execute them with privileges under which the webserver operates.;; The flaw is exploitable if PHP's 'register_globals' is set to on. |
Beschreibung: | Summary: The remote system contains a PHP application that is prone to remote file inclusions attacks. Description : Aardvark Topsites PHP is installed on the remote host. It is an open source Toplist management system written in PHP. The application does not sanitize user-supplied input to the 'CONFIG[PATH]' variable in some PHP files. This allows an attacker to include arbitrary files from remote systems, and execute them with privileges under which the webserver operates. The flaw is exploitable if PHP's 'register_globals' is set to on. Solution: Disable PHP's 'register_globals' or upgrade to the latest release. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2006-2149 BugTraq ID: 17940 http://www.securityfocus.com/bid/17940 https://www.exploit-db.com/exploits/1732 http://www.osvdb.org/25158 http://secunia.com/advisories/19911 http://www.vupen.com/english/advisories/2006/1587 XForce ISS Database: aardvark-lostpw-join-file-include(26189) https://exchange.xforce.ibmcloud.com/vulnerabilities/26189 |
Copyright | Copyright (C) 2008 Ferdy Riphagen |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |