Web application abuses : HybridAuth 'install.php' RCE Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.804753

Categoría: Web application abuses

Título: HybridAuth 'install.php' RCE Vulnerability

Resumen: HybridAuth is prone to a remote code execution (RCE) vulnerability.

Descripción: Summary:
HybridAuth is prone to a remote code execution (RCE) vulnerability.

Vulnerability Insight:
Flaw exists because the hybridauth/install.php script does not properly verify
or sanitize user-uploaded files.

Vulnerability Impact:
Successful exploitation will allow attacker to execute arbitrary code in the
affected system.

Affected Software/OS:
HybridAuth version 2.1.2 and probably prior.

Solution:
Upgrade to HybridAuth version 2.2.2 or later.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:N

Copyright Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.804753
Categoría:	Web application abuses
Título:	HybridAuth 'install.php' RCE Vulnerability
Resumen:	HybridAuth is prone to a remote code execution (RCE) vulnerability.
Descripción:	Summary: HybridAuth is prone to a remote code execution (RCE) vulnerability. Vulnerability Insight: Flaw exists because the hybridauth/install.php script does not properly verify or sanitize user-uploaded files. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary code in the affected system. Affected Software/OS: HybridAuth version 2.1.2 and probably prior. Solution: Upgrade to HybridAuth version 2.2.2 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Copyright	Copyright (C) 2014 Greenbone AG