Support
Eng
òÕÓ
Company
Home
Services
Solutions
Documentation
News and Events
 
 
 
Knowledgebase
Downloads
Glossary
Ask a Question
Search:     Advanced search
SHALB.com / Security Knowledgebase / Network Security / CGI abuses / PHP Doc System index.php show Parameter Local File Inclusion
server monitoring

PHP Doc System index.php show Parameter Local File Inclusion
Article ID: 20246
Last updated: 27 Jan, 2009
Print
Email to friend
Views: 599
Posted: 22 Jan, 2009
by: Tech Pubs S.
Updated: 27 Jan, 2009
by: Tech Pubs S.

PHP Doc System index.php show Parameter Local File Inclusion
This script is Copyright (C) 2005-2008 Tenable Network Security

FamilyCGI abuses
Plugin ID20246
Bugtraq ID15611
CVE IDCVE-2005-3878

Description:

Synopsis :

The remote web server contains a PHP application that is affected by a
local file inclusion vulnerability.

Description :

The remote host is running PHP Doc System, a modular, PHP-based system
for creating documentation.

The version of PHP Doc System installed on the remote host fails to
sanitize user input to the show parameter of the index.php script
before using it in a PHP include function. An unauthenticated
attacker may be able to exploit this issue to view arbitrary files on
the remote host or to execute arbitrary PHP code taken from arbitrary
files on the remote host.

See also :

http://pridels.blogspot.com/2005/11/php-doc-system-151-local-file.html

Solution :

Unknown at this time.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
This article was:   Helpful | Not Helpful
Prev   Next
Plain Old Webserver URI Traversal Arbitrary File Access     whois_raw

server monitoring

¿ 2010 "SHALB.com" All rights reserved
SHALB Home
Services
Solutions
Documentation
News and Events