Summary
The 'directory.php' file is installed.
1. This tool allows anybody to read any directory.
2. It is possible to execute arbitrary code with the rights of the HTTP server.
Solution
remove 'directory.php'.
Severity
Classification
-
CVE CVE-2002-0434 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Artifectx xClassified 'catid' SQL Injection Vulnerability
- Astium VoIP PBX SQL Injection Vulnerability
- 3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
- 4Images <= 1.7.1 Directory Traversal Vulnerability
- ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities