Summary
The remote host contains a PHP application that is vulnerable to remote and local file inclusions.
Description
At least one Docebo application is installed on the system.
Docebo has multiple PHP-based applications, including a content management system (DoceboCMS), an e-learning platform (DoceboLMS) and a knowledge maintenance system (DoceboKMS).
A flaw in some PHP versions (PHP4 <= 4.4.0 and PHP5 <= 5.0.5) makes it possible to include files by overwriting the $GLOBALS variable.
This flaw exists if PHP's register_globals is enabled.
Solution
Disable PHP's register_globals and/or upgrade to a newer PHP release.
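The two conditions named above (an affected PHP release and register_globals enabled) can be checked on a host with a short script. This is an added example, not part of the original advisory or of any scanner's plugin code; the function names and the sample php.ini text are assumptions made for illustration.

```python
import re

# Affected ranges exactly as the advisory states them: PHP4 <= 4.4.0, PHP5 <= 5.0.5.
AFFECTED_MAX = {4: (4, 4, 0), 5: (5, 0, 5)}
TRUTHY = {"1", "on", "yes", "true"}

# Constructed sample input, not taken from any real host.
SAMPLE_INI = """\
[PHP]
; register_globals = Off
register_globals = On   ; enabled for a legacy application
"""

def parse_version(text):
    """Return (major, minor, patch) from strings such as '5.0.4' or '4.3.11-dev'."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("unrecognised PHP version: %r" % (text,))
    return tuple(int(g or 0) for g in m.groups())

def version_affected(text):
    version = parse_version(text)
    limit = AFFECTED_MAX.get(version[0])
    return limit is not None and version <= limit

def register_globals_enabled(ini_text, default):
    """Return the effective php.ini setting; a later directive overrides an earlier one."""
    enabled = default
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(r'register_globals\s*=\s*"?([^"\s]*)"?$', line, re.I)
        if m:
            enabled = m.group(1).lower() in TRUTHY
    return enabled

def exposed(php_version, ini_text):
    """True only when both conditions named in the advisory hold."""
    # register_globals defaulted to On before PHP 4.2.0 and to Off from 4.2.0 on.
    default = parse_version(php_version) < (4, 2, 0)
    return version_affected(php_version) and register_globals_enabled(ini_text, default)

if __name__ == "__main__":
    for ver in ("4.4.0", "5.0.4", "5.1.2"):
        print(ver, "exposed" if exposed(ver, SAMPLE_INI) else "not exposed")
```

The script reads php.ini text only; per-directory overrides such as php_flag lines in .htaccess are not seen, so confirm the runtime value as well.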
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2006-2576, CVE-2006-2577
CVSS Base Score: 5.1
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P