Summary
The remote web server contains a PHP script that allows for reading of arbitrary files.
Description :
The version of myPHPNuke installed on the remote host allows anyone to read arbitrary files by passing the full filename to the 'filnavn' argument of the 'phptonuke.php' script.
Solution
Upgrade to the latest version.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2002-1913 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- 11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
- @Mail 'admin.php' Cross-Site Scripting Vulnerabilities
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
- An Image Gallery Multiple Cross-Site Scripting Vulnerability
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability