Summary
This host is running Cyclope Employee Surveillance Solution and is prone to a local file inclusion vulnerability.
Impact
Successful exploitation will allow an attacker to obtain potentially sensitive information.
Impact Level: Application
Solution
Update to version 6.2.1 or later.
For updates, refer to http://www.cyclope-series.com
Insight
Improper validation of user-supplied input passed via the 'pag' parameter to 'help.php' allows remote attackers to view files and execute local scripts in the context of the webserver.
Affected
Cyclope Employee Surveillance Solution versions 6.0 to 6.0.2
Severity
Classification
- CVSS Base Score: 5.0
- CVSS Base Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
- Apache Struts2/XWork Remote Command Execution Vulnerability
- Afian 'includer.php' Directory Traversal Vulnerability
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability