This host is installed with LiveZilla and is prone to PHP object injection vulnerability.

Successful exploitation will allow remote attackers to inject PHP objects via a user-controller cookie. Impact Level: System/Application

Upgrade to version 5.1.2.1 or higher, For updates refer to http://www.livezilla.net/downloads/en

Flaw in the setCookieValue() function in the '_lib/functions.global.inc.php' script allow attacker to inject PHP objects.

LiveZilla version before 5.1.2.1

Send a crafted HTTP POST request and try to execute serialized PHP object.

• http://forums.livezilla.net/index.php?/topic/163-livezilla-changelog/
• http://osvdb.org/101119
• http://packetstormsecurity.com/files/124445
• http://xforce.iss.net/xforce/xfdb/89796

---

Updated on 2015-03-25