Summary
This host is running 4psa Voipnow and is prone to a local file inclusion vulnerability.
Impact
Successful exploitation will allow an attacker to view files and execute local scripts in the context of the application.
Impact Level: Application
Solution
Upgrade to 4psa voipnow 2.4 or later.
For updates, refer to http://www.4psa.com/products-voipnow-spe.html
Insight
The flaw is due to improper validation of user-supplied input to the 'screen' parameter in '/help/index.php?', which allows attackers to read arbitrary files via '../' (dot dot) sequences.
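For defenders reviewing web server logs on a host that ran an affected version, the following added example (not part of the original advisory or the vendor's code) flags requests to '/help/index.php' whose 'screen' value contains a '..' path segment after percent-decoding. The log lines, the benign value 'intro' and the function names are constructed for illustration; a common access-log layout with the client address first is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (documentation addresses, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /help/index.php?screen=intro HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /help/index.php?screen=../../placeholder/file HTTP/1.1" 200 1024',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /help/index.php?screen=%2e%2e%2fplaceholder HTTP/1.1" 200 900',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?screen=../placeholder HTTP/1.1" 404 0',
    '192.0.2.14 - - [01/Jan/2024:10:00:15 +0000] "GET /help/index.php?screen=..%252f..%252fplaceholder HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so nested encodings are normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if any path segment of the decoded value is exactly '..'."""
    return '..' in re.split(r'[\\/]', fully_decode(value))

def suspicious_requests(lines):
    """Return client addresses whose request hits /help/index.php with a
    'screen' parameter containing a dot-dot path segment."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path != '/help/index.php':
            continue
        # parse_qs performs the first round of percent-decoding.
        for value in parse_qs(url.query, keep_blank_values=True).get('screen', []):
            if is_traversal(value):
                hits.append(line.split()[0])
                break
    return hits

if __name__ == '__main__':
    for client in suspicious_requests(SAMPLE_LOG):
        print('dot-dot sequence in screen parameter from', client)
```

A hit only shows that a request was made; whether a file was disclosed depends on the installed version and the response.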
Affected
4psa voipnow versions prior to 2.4
Severity
Classification
CVSS Base Score: 7.5
CVSS Base Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P