ID de Prueba:	1.3.6.1.4.1.25623.1.0.20374
Categoría:	Web application abuses
Título:	phpDocumentor <= 1.3.0 RC4 Local And Remote File Inclusion Vulnerability
Resumen:	The remote host appears to be running the web-interface of; phpDocumentor. This version does not properly sanitize user input in the 'file_dialog.php'; file and a test file called 'bug-559668.php'
Descripción:	Summary: The remote host appears to be running the web-interface of phpDocumentor. This version does not properly sanitize user input in the 'file_dialog.php' file and a test file called 'bug-559668.php' Vulnerability Impact: It is possible for an attacker to include remote files and execute arbitrary commands on the remote system, and display the content of sensitive files. This flaw is exploitable if PHP's 'register_globals' setting is enabled. Solution: Disable PHP's 'register_globals' setting. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-4593 BugTraq ID: 16080 http://www.securityfocus.com/bid/16080 Bugtraq: 20051229 PhpDocumentor <= 1.3.0 rc4 Arbitrary remote/local inclusion (Google Search) http://www.securityfocus.com/archive/1/420441/100/0/threaded http://rgod.altervista.org/phpdocumentor_130rc4_incl_expl.html http://www.osvdb.org/22114 http://www.osvdb.org/22115 http://securitytracker.com/id?1015423 http://secunia.com/advisories/18248 http://securityreason.com/securityalert/303 XForce ISS Database: phpdocumentor-multiple-script-file-include(23902) https://exchange.xforce.ibmcloud.com/vulnerabilities/23902
Copyright	Copyright (C) 2006 Ferdy Riphagen

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.