
Test ID: 1.3.6.1.4.1.25623.1.0.10630
Category: Web application abuses
Title: PHP-Nuke security vulnerability (bb_smilies.php)
Description:

Summary:
The remote host seems to be vulnerable to a security problem in PHP-Nuke (bb_smilies.php).
The vulnerability is caused by inadequate processing of queries by PHP-Nuke's bb_smilies.php
which results in returning the content of any file we desire (the file needs to be world-readable).
A similar vulnerability in the same PHP program allows execution of arbitrary code by changing
the password of the administrator of bb_smilies.

Vulnerability Impact:
Every file that the webserver has access to can be read by anyone. It is
also possible to change bb_smilies' administrator password and even execute
arbitrary commands.

Solution:
Upgrade to the latest version (Version 4.4.1 and above).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2001-0320
Bugtraq: 20010223 Yet another hole in PHP-Nuke
http://archives.neohapsis.com/archives/bugtraq/2001-02/0425.html
Copyright: Copyright (C) 2001 SecuriTeam
