Summary
OpenNetAdmin is prone to a remote PHP code-execution vulnerability.
Impact
An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
Impact Level: Application
Solution
Ask the vendor for an update.
Insight
This problem exists because modules can be added without any sort of authentication.
Affected
OpenNetAdmin 13.03.01 is vulnerable; other versions may also be affected.
Detection
This NVT adds a new module to execute some PHP code by sending HTTP requests to the target.
References
Updated on 2015-03-25
Severity
Classification
CVSS Base Score: 9.0
AV:N/AC:L/Au:N/C:C/I:P/A:P