Summary
This host is running Andy's PHP Knowledgebase and is prone to a remote PHP code execution vulnerability.
Impact
Successful exploitation could allow remote attackers to execute arbitrary PHP code within the context of the affected web server process.
Impact Level: Application
Solution
Upgrade to version 0.95.6 or later.
For updates, refer to http://aphpkb.sourceforge.net
Insight
The flaw is caused by improper validation of user-supplied input passed via the 'install_dbuser' parameter to 'step5.php', which allows attackers to execute arbitrary PHP code.
Affected
Andy's PHP Knowledgebase version 0.95.5 and prior.
References
Updated on 2015-03-25
Severity
Classification
CVSS Base Score: 9.7
AV:N/AC:L/Au:N/C:P/I:C/A:C