Summary
The host is running Chyrp and is prone to Multiple directory traversal vulnerabilities.
Impact
Successful exploitation will allow the attackers to read arbitrary files and gain sensitive information on the affected application.
Impact Level: Application
Solution
Upgrade to Chyrp version 2.1.1
For updates refer to http://chyrp.net/
Insight
Multiple flaws are due to improper validation of user supplied input to 'file' parameter in 'includes/lib/gz.php' and 'action' parameter in 'index.php' before being used to include files.
Affected
Chyrp version prior to 2.1.1
References
Severity
Classification
-
CVE CVE-2011-2744, CVE-2011-2780 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities