Netref Cat_for_gen.PHP Remote PHP Script Injection Vulnerability Network Vulnerability

Summary

The remote host is running the Netref directory script, written in PHP. There is a vulnerability in the installed version of Netref that enables a remote attacker to pass arbitrary PHP script code through the 'ad', 'ad_direct', and 'm_for_racine' parameters of the 'cat_for_gen.php' script. This code will be executed on the remote host under the privileges of the web server userid.

Solution

Upgrade to Netref 4.3 or later.

Severity

Classification

CVE CVE-2005-1222

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
Admin News Tools Multiple Vulnerabilities
Apache Axis2 Document Type Declaration Processing Security Vulnerability
Advanced Guestbook Index.PHP SQL Injection Vulnerability
artmedic_links5 File Inclusion Vulnerability

Take action and discover your vulnerabilities