|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> CGI abuses >> phpListPro returnpath Remote File Include Vulnerabilities Vulnerability Assessment Details
|
phpListPro returnpath Remote File Include Vulnerabilities |
||
Checks for file includes in phpListPro's config.php Detailed Explanation for this Vulnerability Assessment Summary : The remote web server contains a PHP application that is affected by remote file include vulnerabilities. Description : The remote host is running phpListPro, a web site voting/ranking tool written in PHP. The installed version of phpListPro fails to sanitize user input to the 'returnpath' parameter of the 'config.php', 'editsite.php', 'addsite.php', and 'in.php' scripts before using it to include PHP code from other files. An unauthenticated attacker may be able to read arbitrary local files or include a file from a remote host that contains commands which will be executed on the remote host subject to the rights of the web server process. These flaws are only exploitable if PHP's 'register_globals' is enabled. See also : http://archives.neohapsis.com/archives/bugtraq/2006-04/0206.html http://archives.neohapsis.com/archives/bugtraq/2006-05/0153.html http://archives.neohapsis.com/archives/bugtraq/2006-05/0199.html http://www.smartisoft.com/forum/viewtopic.php?t=3019 Solution : Edit the affected files as discussed in the vendor advisory above. Network Security Threat Level: High / CVSS Base Score : 7.0 (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Networks Security ID: 17448 Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Josh Zlatin-Amishav |
||
Cables, Connectors |
USB Flash Drive Memory Thumb Photo Sticks For iPhone iPad 128/256/512GB 1TB 2TB
$15.33
512GB USB Flash Drive External Storage Memory Stick For iPhone iPad Android
$17.59
SanDisk 16GB Ultra USB 3.0 Flash Drive - SDCZ48-016G-U46
$6.25
SanDisk 128GB Extreme PRO USB 3.2 Solid State Flash Drive - SDCZ880-128G-A46
$36.99
Sandisk 16GB 32GB 64GB 128GB Cruzer Blade Flash Drive Memory Stick USB Lot Pack
$4.99
New TESLA OEM Model S,3,X,Y USB Flash Drive for Dashcam & Sentry Mode 128GB
$18.99
Lenovo USB 16TB 3.0 USB Flash Drive Thumb Disk Silver Transfer Metal Memory
$24.99
Mechanical Style Flash Drive USB 3.0 High Speed 16TB Large Capacity Waterproof
$8.37
USB Flash Drive Memory Stick Pendrive Thumb Drive 4GB, 8GB, 32GB, 64GB 128GB LOT
$249.37
Lot USB Flash Drive Memory Stick Pendrive Thumb Drive 2GB,4GB, 8G, 32G, 64G 128G
$332.55
|
||
No Discussions have been posted on this vulnerability. |