|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> CGI abuses >> eFiction < 2.0.2 Multiple Vulnerabilities Vulnerability Assessment Details
|
eFiction < 2.0.2 Multiple Vulnerabilities |
||
Checks for multiple vulnerabilities in eFiction < 2.0.2 Detailed Explanation for this Vulnerability Assessment Summary : The remote web server has a PHP application that is affected by multiple flaws. Description : The remote host is running eFiction, an open-source application in PHP for writers. The installed version of eFiction is affected by numerous flaws : - Members may be able to upload files containing arbitrary PHP code disguised as image files and then run that code on the remote host subject to the rights of the web server user id. If a possible hacker does not yet have access, he can register and have a password mailed to him automatically. - User-supplied input to several parameters and scripts is used without sanitation, which can lead to SQL injection attacks provided PHP's 'magic_quotes_gpc' is disabled. These issues can be exploited, for example, to bypass authentication or disclose sensitive information. - User-supplied input to the 'let' parameter of the 'titles.php' script is not sanitized before being used in dynamically-generated web pages, which leads to cross-site scripting attacks. - An unauthenticated attacker may be able to gain information about the installation and configuration of PHP on the remote host by requesting the 'phpinfo.php' script or to learn the install path by a direct request to the 'storyblock.php' script with no arguments. - Unauthenticated attackers may be able to access the 'install.php' and/or 'upgrade.php' scripts and thereby modify the installation on the remote host. See also : http://retrogod.altervista.org/efiction2_xpl.html http://archives.neohapsis.com/archives/bugtraq/2005-11/0301.html http://efiction.wallflowergirl.com/forums/viewtopic.php?t=1553 Solution : Upgrade to eFiction 2.0.2 or later. Network Security Threat Level: High / CVSS Base Score : 7.0 (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Networks Security ID: 15568 Vulnerability Assessment Copyright: This script is Copyright (C) 2005-2006 Tenable Network Security |
||
Cables, Connectors |
IBM LSI SAS9220-8i M1015 46M0861 SAS/SATA PCI-e RAID Controller Both brackets
$139.00
LSI 9305-16i SATA SAS 12Gbs RAID Controller PCIe 3.0 x8 IT-Mode 4* 8643 SATA
$229.99
XDHXT DELL PERC H710P 6Gbps 1GB PCI RAID CONTROLLER 0XDHXT
$59.00
HPE 869102-001 Smart Array E208i-a SR Gen10 Storage Controller RAID SP: 871039
$129.99
Inspur LSI 9300-8i Raid Card 12Gbps HBA HDD Controller High Profile IT MODE
$15.98
LSI MegaRAID 9361-8i 12Gb PCIe 8-Port SAS/SATA RAID 1Gb w/BBU/CacheVault/License
$35.96
ORICO Multi Bay RAID Hard Drive Enclosure USB 3.0/ Type-C For 2.5/3.5'' HDD SSDs
$86.99
LSI MegaRAID 9361-8i 12Gbps PCIe 3 x8 SATA SAS 3 8 Port RAID + BBU & CacheVault
$39.00
Yottamaster 5 Bay RAID Hard Drive Enclosure USB3.1 Type C 2.5"/3.5" SATA HDD SSD
$142.49
ACASIS 2.5/3.5 inch 2 Bay SATA USB 3.0 Hard Drive Disk HDD SSD Enclosure 4 RAID
$58.99
|
||
No Discussions have been posted on this vulnerability. |