Summary
The remote web server contains a PHP script that allows arbitrary code injection.
Description
The remote host is running AdmBook, a PHP-based guestbook.
The remote version of this software is prone to remote PHP code injection because it does not sanitize the 'X-Forwarded-For' HTTP header. Using a specially crafted URL, a malicious user can execute arbitrary commands on the remote server, subject to the privileges of the web server user ID.
Solution
Unknown at this time.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2006-0852
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P