
Test ID: 1.3.6.1.4.1.25623.1.0.200005
Category: Web application abuses
Title: Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
Summary:
The remote system contains a PHP application that is prone to
remote file inclusion attacks.

Description:

Aardvark Topsites PHP is installed on the remote host. It is
an open source Toplist management system written in PHP.

The application does not sanitize user-supplied input to
the 'CONFIG[PATH]' variable in some PHP files. This allows
an attacker to include arbitrary files from remote systems, and
execute them with privileges under which the webserver operates.

The flaw is exploitable if PHP's 'register_globals' is set to on.

Solution:
Disable PHP's 'register_globals' or upgrade to the latest release.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2006-2149
BugTraq ID: 17940
http://www.securityfocus.com/bid/17940
https://www.exploit-db.com/exploits/1732
http://www.osvdb.org/25158
http://secunia.com/advisories/19911
http://www.vupen.com/english/advisories/2006/1587
XForce ISS Database: aardvark-lostpw-join-file-include(26189)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26189
Copyright: Copyright (C) 2008 Ferdy Riphagen

This is only one of 99761 vulnerability tests in our test package. Find out more about our complete security audits.





© 1998-2024 E-Soft Inc. All rights reserved.