Summary
The remote host contains a PHP application that is vulnerable to remote and local file inclusion.
Description
At least one Docebo application is installed on the system.
Docebo has multiple PHP-based applications, including a content management system (DoceboCMS), an e-learning platform (DoceboLMS) and a knowledge maintenance system (DoceboKMS).
A flaw in some PHP versions (PHP4 <= 4.4.0 and PHP5 <= 5.0.5) makes it possible to include files by overwriting the $GLOBALS variable.
This flaw exists if PHP's register_globals is enabled.
Solution
Disable PHP's register_globals and/or upgrade to a newer PHP release.
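A check for the two conditions named above, as an added example (not part of the original advisory or of any scanner's code): given php.ini text and a PHP version string, it reports whether both the affected version range and an enabled register_globals apply. The function names and sample ini contents are constructed for illustration, and it assumes an absent directive falls back to PHP's built-in default (On before 4.2.0, Off from 4.2.0 on).

```python
import re

# Affected ranges as stated in the advisory: PHP4 <= 4.4.0 and PHP5 <= 5.0.5.
AFFECTED_MAX = {4: (4, 4, 0), 5: (5, 0, 5)}
TRUTHY = {"1", "on", "true", "yes"}


def parse_version(text):
    """Return (major, minor, patch) from strings such as '5.0.5' or '4.4.0-pl1'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised PHP version: {text!r}")
    return tuple(int(part) for part in m.groups())


def version_affected(version):
    limit = AFFECTED_MAX.get(version[0])
    return limit is not None and version <= limit


def register_globals_enabled(ini_text, version):
    """Last uncommented register_globals directive wins; otherwise the default."""
    # Assumption: built-in default is On before PHP 4.2.0 and Off from 4.2.0 on.
    enabled = version < (4, 2, 0)
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop php.ini comments
        m = re.match(r"register_globals\s*=\s*(.*)$", line, re.IGNORECASE)
        if m:
            enabled = m.group(1).strip().strip('"\'').lower() in TRUTHY
    return enabled


def exposed(ini_text, version_text):
    """True only when both conditions from the advisory hold."""
    version = parse_version(version_text)
    return version_affected(version) and register_globals_enabled(ini_text, version)


# Constructed sample php.ini contents, not taken from a real host.
SAMPLE_ON = "; legacy settings\nregister_globals = On\n"
SAMPLE_OFF = ";register_globals = On\nregister_globals = Off ; hardened\n"

if __name__ == "__main__":
    for ini, ver in [(SAMPLE_ON, "4.4.0"), (SAMPLE_OFF, "5.0.5"), (SAMPLE_ON, "5.1.2")]:
        print(ver, "exposed" if exposed(ini, ver) else "not exposed")
```

register_globals can also be set per directory (for example with php_flag in the web server configuration), so those overrides need checking as well as php.ini.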
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2006-2576, CVE-2006-2577
CVSS Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)