Summary
The remote system contains a PHP application that is prone to command execution flaws.
Description
The remote system is running a vulnerable version of eyeOS.
eyeOS is a web-based operating system, which makes it possible to access data and applications remotely using a web browser.
The installed version does not initialize user sessions properly, allowing unauthenticated attackers to execute arbitrary commands with the privileges of the webserver.
Solution
Upgrade to eyeOS version 0.8.10.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2006-0636
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P