ID de Prueba:	1.3.6.1.4.1.25623.1.0.903312
Categoría:	Web application abuses
Título:	LotusCMS PHP Code Execution Vulnerability
Resumen:	LotusCMS is prone to php code execution vulnerability.
Descripción:	Summary: LotusCMS is prone to php code execution vulnerability. Vulnerability Insight: Input passed via the 'req' and 'page' parameters to index.php is not properly sanitised in the 'Router()' function in core/lib/router.php before being used in an 'eval()' call. Vulnerability Impact: Successful exploitation will allow remote attackers to obtain some sensitive information or execute arbitrary code on the vulnerable Web server. Affected Software/OS: LotusCMS version 3.03, 3.04 and other versions may also be affected. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0518 http://www.exploit-db.com/exploits/15964 http://osvdb.org/70409 http://secunia.com/advisories/42835 http://www.vupen.com/english/advisories/2011/0073 XForce ISS Database: lotuscms-index-file-incldue(64736) https://exchange.xforce.ibmcloud.com/vulnerabilities/64736
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.