Summary
This host is installed with Free Directory Script and is prone to File Inclusion Vulnerability.
Impact
Successful exploitation will let the attacker add, modify or delete files from the server and can let the attacker install trojans or backdoors.
Impact Level: Application
Solution
No patch is available as on 24th November, 2008.
Insight
The Error occurs when passing an input parameter into the 'API_HOME_DIR' in 'init.php' file which is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.
Affected
Free Directory Script version 1.1.1 and prior.
Workaround: Edit the source code to ensure that input is properly verified.
References
Updated on 2017-03-28
Severity
Classification
-
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- 3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
- 4psa Voipnow Local File Inclusion Vulnerability
- ASP Inline Corporate Calendar SQL injection
- Advantech WebAccess Multiple Vulnerabilities
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution