CGI abuses : Stadtaus code injection and file disclosure

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.51830

Category: CGI abuses

Title: Stadtaus code injection and file disclosure

Summary: NOSUMMARY

Description: Description:

The remote host is vulnerable to a file disclosure
attack and possibly a code injection attack. The
script 'inc/formmail.inc.php' can be called directly
with a pathname parameter that can cause any file
on the remote system to be retrieved. If your system
has enabled allow_url_fopen, the attack vector would
allow the inclusion of any arbitrary PHP code on
your system.

Solution: Upgrade to the latest version.
http://www.stadtaus.com/

Risk factor : High

Cross-Ref: BugTraq ID: 12735

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.51830
Category:	CGI abuses
Title:	Stadtaus code injection and file disclosure
Summary:	NOSUMMARY
Description:	Description: The remote host is vulnerable to a file disclosure attack and possibly a code injection attack. The script 'inc/formmail.inc.php' can be called directly with a pathname parameter that can cause any file on the remote system to be retrieved. If your system has enabled allow_url_fopen, the attack vector would allow the inclusion of any arbitrary PHP code on your system. Solution: Upgrade to the latest version. http://www.stadtaus.com/ Risk factor : High
Cross-Ref:	BugTraq ID: 12735
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com