
Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability CVE-2006-2149

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

The remote system contains a PHP application that is prone to remote file inclusion attacks. Description: Aardvark Topsites PHP is installed on the remote host. It is an open source toplist management system written in PHP. The application does not sanitize user-supplied input to the CONFIG[PATH] variable in some PHP files. This allows an attacker to include arbitrary files from remote systems and execute them with the privileges under which the web server operates. The flaw is exploitable if PHP's register_globals is set to on.

Risk description
Not available
Recommendation

Disable PHP's register_globals or upgrade to the latest release.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
May 3, 2006
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available