Vulnerability Assessment & Network Security Forums



If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.




Vulnerability Assessment Details

phpWebFTP language Parameter Local File Include Vulnerability

Vulnerability Assessment Summary
Tries to read /etc/passwd using phpWebFTP

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains a PHP script that is affected by a
local file include issue.

Description :

The remote host is running phpWebFTP, a web-based FTP client written
in PHP.

The version of phpWebFTP installed on the remote host fails to
sanitize user-supplied input to the 'language' parameter of the
'index.php' script before using it in a PHP 'include()' function. An
unauthenticated attacker may be able to exploit this issue to view
arbitrary files or to execute arbitrary PHP code on the remote host,
subject to the rights of the web server user id.

Note that successful exploitation of this issue requires that either
PHP's 'magic_quotes_gpc' setting be disabled or the attacker have the
ability to edit files on the remote host.

See also :

http://www.securityfocus.com/archive/1/431115/30/0/threaded

Solution :

Unknown at this time.
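
With no fix listed, the general mitigation for this class of flaw is to keep the request's 'language' value out of the include() path entirely by resolving it through a fixed allow-list. The sketch below is an added example, not phpWebFTP's code and not part of the original advisory; the lang/ directory, the language file names and resolve_language_file() are assumptions.

```php
<?php
// Added example; not phpWebFTP source. The lang/ directory, the file names
// and resolve_language_file() are hypothetical.

// Fixed map of accepted language codes to files shipped with the application.
const LANGUAGE_FILES = [
    'en' => 'english.lang.php',
    'nl' => 'dutch.lang.php',
    'de' => 'german.lang.php',
];
const DEFAULT_LANGUAGE = 'en';

/**
 * Return the absolute path of the language file to include.
 * The request value is only ever used as an array key, so it never
 * contributes characters to the path handed to include().
 */
function resolve_language_file($requested, string $langDir): string
{
    // Arrays (language[]=x) and other non-string input fall back to the default.
    $key = is_string($requested) ? $requested : DEFAULT_LANGUAGE;
    if (!array_key_exists($key, LANGUAGE_FILES)) {
        $key = DEFAULT_LANGUAGE;
    }

    // Defence in depth: the resolved file must exist inside $langDir.
    $base = realpath($langDir);
    $path = realpath($langDir . DIRECTORY_SEPARATOR . LANGUAGE_FILES[$key]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('language file missing or outside language directory');
    }
    return $path;
}

// Request handler usage. The guard lets this file load without error when
// the assumed lang/ directory is absent.
if (is_dir(__DIR__ . '/lang')) {
    include resolve_language_file($_GET['language'] ?? null, __DIR__ . '/lang');
}
```

Unknown or malformed values select the default language rather than producing an error, so the parameter cannot be used to probe which paths exist on the host.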

Network Security Threat Level:

Medium / CVSS Base Score : 4.7
(AV:R/AC:L/Au:NR/C:P/I:P/A:N/B:N)

Networks Security ID: 17557

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security
