ID de Prueba:	1.3.6.1.4.1.25623.1.0.80060
Categoría:	Web application abuses
Título:	Free Articles Directory RFI Vulnerability
Resumen:	Free Articles Directory is prone to a remote file include (RFI); vulnerability.
Descripción:	Summary: Free Articles Directory is prone to a remote file include (RFI) vulnerability. Vulnerability Insight: Free Articles Directory fails to sanitize user input to the 'page' parameter in index.php. An unauthenticated attacker may be able to read arbitrary local files or include a file from a remote host that contains commands which will be executed by the vulnerable script, subject to the privileges of the web server process. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-1350 BugTraq ID: 17183 http://www.securityfocus.com/bid/17183 Bugtraq: 20060321 Free Articles Directory Remote Command Exucetion (Google Search) http://www.securityfocus.com/archive/1/428354/100/0/threaded http://www.osvdb.org/24024 http://secunia.com/advisories/19320 http://securityreason.com/securityalert/616 http://attrition.org/pipermail/vim/2006-March/000626.html http://www.vupen.com/english/advisories/2006/1037 XForce ISS Database: freearticlesdirectory-index-file-include(25378) https://exchange.xforce.ibmcloud.com/vulnerabilities/25378
Copyright	Copyright (C) 2008 Josh Zlatin-Amishav

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.