Summary
This host is running Bitweaver, which is prone to directory traversal and code injection vulnerabilities.
Impact
Successful exploitation will let the attacker to cause PHP code injection, directory traversal, gain sensitive information, and can cause arbitrary code execution inside the context of the web application.
Impact Level: Application
Solution
Upgrade to Bitweaver version 2.6.1 or later
http://www.bitweaver.org/downloads/file/16337
Insight
Multiple flaws are due to improper handling of user supplied input in saveFeed function in rss/feedcreator.class.php file and it can cause following attacks.
- PHP code injection via placing PHP sequences into the account 'display name' setting for authenticated users or in the HTTP Host header for remote users by sending a request to boards/boards_rss.php.
- Directory traversal allow remote user to create or overwrite arbitrary file via a .. (dot dot) in the version parameter to boards/boards_rss.php.
Affected
Bitweaver version 2.6.0 and prior
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2009-1677, CVE-2009-1678 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AlienVault OSSIM 'date_from' Parameter Multiple SQL Injection Vulnerabilities
- AVTECH DVR Multiple Vulnerabilities
- Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
- AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
- Apache Axis2 Document Type Declaration Processing Security Vulnerability