This host is running LabWiki and is prone to multiple cross-site scripting and shell upload vulnerabilities.

Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in context of affected website and to upload arbitrary PHP files with '.gif' extension. Impact Level: Application

Update to version 1.2 or later, For updates refer to http://www.bioinformatics.org/phplabware/labwiki/index.php

The flaws are due to an, - Input passed to the 'from' parameter in index.php is not properly sanitised before being returned to the user. - Input passed to the 'page_no' parameter in recentchanges.php is noti properly sanitised before being returned to the user. - Input passed to the 'userfile' POST parameter in edit.php is not properly verified before being used to upload files.

LabWiki version 1.1 and prior.

• http://archives.neohapsis.com/archives/fulldisclosure/current/0112.html
• http://www.exploit-db.com/exploits/18100/
• http://www.securityfocus.com/archive/1/520441
• https://secunia.com/advisories/46762

---

Updated on 2015-03-25