Summary
OpenNetAdmin is prone to a remote PHP code-execution vulnerability.
Impact
An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
Impact Level: Application
Solution
Ask the vendor for an update.
Insight
This problem exists because modules can be added without any sort of authentication.
Affected
OpenNetAdmin 13.03.01 is vulnerable; other versions may also be affected.
Detection
This NVT adds a new module to execute some PHP code by sending some HTTP requests to the target.
References
Updated on 2015-03-25
Severity
Classification
CVSS Base Score: 9.0
AV:N/AC:L/Au:N/C:C/I:P/A:P
Related Vulnerabilities
- 3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
- AIOCP 'cp_html2xhtmlbasic.php' Remote File Inclusion Vulnerability
- Apache Tomcat Windows Installer Privilege Escalation Vulnerability
- Apple Safari RSS Feed Information Disclosure Vulnerability
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities