Test ID: 1.3.6.1.4.1.25623.1.0.80077
Category: Web application abuses
Title: phpListPro returnpath Remote File Include Vulnerabilities
Summary: The remote web server is running phpListPro which is affected by remote file include vulnerabilities.
Description:
Summary:
The remote web server is running phpListPro which is affected by
remote file include vulnerabilities.

Vulnerability Insight:
The installed version of phpListPro fails to sanitize user input to
the 'returnpath' parameter of the 'config.php', 'editsite.php', 'addsite.php', and 'in.php' scripts
before using it to include PHP code from other files.

These flaws are only exploitable if PHP's 'register_globals' is enabled.

Vulnerability Impact:
An unauthenticated attacker may be able to read arbitrary local files
or include a file from a remote host that contains commands which will be executed on the remote host
subject to the privileges of the web server process.

Solution:
Edit the affected files as discussed in the referenced vendor advisory.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross References:
Common Vulnerability Exposure (CVE) ID: CVE-2006-1749
BugTraq ID: 17448
http://www.securityfocus.com/bid/17448
Bugtraq: 20060411 phpListPro <= 2.0 - Remote File Include Vulnerability
http://www.securityfocus.com/archive/1/430614
Bugtraq: 20060508 PhpListPro 2.01 Remote File Include Vulnerability
http://www.securityfocus.com/archive/1/433562/100/0/threaded
http://www.osvdb.org/24540
http://secunia.com/advisories/19625
http://www.vupen.com/english/advisories/2006/1325
XForce ISS Database: phplistpro-config-file-include(25760)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25760
Copyright: Copyright (C) 2008 Josh Zlatin-Amishav

© 1998-2025 E-Soft Inc. All rights reserved.