Summary
The remote web server contains a PHP application that is affected by a remote file include vulnerability.
Description :
The remote host is running Free Articles Directory, a CMS written in PHP.
The installed version of Free Articles Directory fails to sanitize user input to the 'page' parameter in index.php. An unauthenticated attacker may be able to read arbitrary local files or include a file from a remote host that contains commands which will be executed by the vulnerable script, subject to the privileges of the web server process.
Solution
Unknown at this time.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2006-1350 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AWCM CMS Multiple Remote File Include Vulnerabilities
- AIOCP 'cp_html2xhtmlbasic.php' Remote File Inclusion Vulnerability
- appRain CMF SQL Injection And Cross Site Scripting Vulnerabilities
- Atutor AChecker Multiple SQL Injection and XSS Vulnerabilities
- Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability