ID de Prueba:	1.3.6.1.4.1.25623.1.0.103797
Categoría:	Web application abuses
Título:	Xibo 'index.php' Multiple Directory Traversal Vulnerabilities
Resumen:	Xibo is prone to multiple directory traversal vulnerabilities because;it fails to properly sanitize user-supplied input.
Descripción:	Summary: Xibo is prone to multiple directory traversal vulnerabilities because it fails to properly sanitize user-supplied input. Vulnerability Insight: Directory traversal vulnerabilities occur when user input is used in the construction of a filename or directory path which is subsequently used in some system function. If the input is not correctly validated or directory permissions not correctly set, it may be possible to cause a different file to be accessed other than that intended. This issue was exploited by adding a null byte (%00) which resulted in the application ignoring the rest of the supplied value after the null byte. Vulnerability Impact: An attacker can exploit these issues using directory-traversal strings to retrieve arbitrary files outside of the webserver root directory. This may aid in further attacks Affected Software/OS: Xibo 1.2.2 and 1.4.1 are vulnerable, other versions may also be affected. Solution: Upgrade to Xibo 1.4.2 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-5979 http://www.baesystemsdetica.com.au/Research/Advisories/Xibo-Directory-Traversal-Vulnerability-(DS-2013-00
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.