ID de Prueba:	1.3.6.1.4.1.25623.1.0.902611
Categoría:	Web application abuses
Título:	Chyrp Multiple Directory Traversal Vulnerabilities
Resumen:	Chyrp is prone to Multiple directory traversal vulnerabilities.
Descripción:	Summary: Chyrp is prone to Multiple directory traversal vulnerabilities. Vulnerability Insight: Multiple flaws are due to improper validation of user supplied input to 'file' parameter in 'includes/lib/gz.php' and 'action' parameter in 'index.php' before being used to include files. Vulnerability Impact: Successful exploitation will allow the attackers to read arbitrary files and gain sensitive information on the affected application. Affected Software/OS: Chyrp version prior to 2.1.1 Solution: Upgrade to Chyrp version 2.1.1 CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2780 BugTraq ID: 48672 http://www.securityfocus.com/bid/48672 Bugtraq: 20110713 [oCERT-2011-001] Chyrp input sanitization errors (Google Search) http://www.securityfocus.com/archive/1/518890/100/0/threaded http://www.justanotherhacker.com/advisories/JAHx113.txt http://www.ocert.org/advisories/ocert-2011-001.html http://www.openwall.com/lists/oss-security/2011/07/13/6 http://www.openwall.com/lists/oss-security/2011/07/13/5 http://osvdb.org/73891 http://secunia.com/advisories/45184 http://securityreason.com/securityalert/8312 XForce ISS Database: chyrp-gz-directory-traversal(68565) https://exchange.xforce.ibmcloud.com/vulnerabilities/68565 Common Vulnerability Exposure (CVE) ID: CVE-2011-2744 http://osvdb.org/73890 XForce ISS Database: chyrp-action-local-file-include(68564) https://exchange.xforce.ibmcloud.com/vulnerabilities/68564
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.