Summary
The remote web server contains a PHP application that is affected by a remote file include vulnerability.
Description :
The remote host is running Monster Top List, a site rating script written in PHP.
The installed version of Monster Top List fails to sanitize user input to the 'root_path' parameter in sources/functions.php before using it to include PHP code from other files. An unauthenticated attacker may be able to read arbitrary local files or include a file from a remote host that contains commands which will be executed on the remote host subject to the privileges of the web server process.
This flaw is only exploitable if PHP's 'register_globals' is enabled.
Solution
Unknown at this time.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2006-1781 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities