Summary
This host is installed with LiveZilla and is prone to PHP object injection vulnerability.
Impact
Successful exploitation will allow remote attackers to inject PHP objects via a user-controller cookie.
Impact Level: System/Application
Solution
Upgrade to version 5.1.2.1 or higher,
For updates refer to http://www.livezilla.net/downloads/en
Insight
Flaw in the setCookieValue() function in the '_lib/functions.global.inc.php' script allow attacker to inject PHP objects.
Affected
LiveZilla version before 5.1.2.1
Detection
Send a crafted HTTP POST request and try to execute serialized PHP object.
References
Severity
Classification
-
CVE CVE-2013-7034 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities