Summary
The remote web server contains a PHP script that is prone to file inclusion flaws.
Description :
phpDocumentor is a automatic documentation generator for PHP.
The remote host appears to be running the web-interface of phpDocumentor.
This version does not properly sanitize user input in the 'file_dialog.php' file and a test file called 'bug-559668.php' It is possible for an attacker to include remote files and execute arbitrary commands on the remote system, and display the content of sensitive files.
This flaw is exploitable if PHP's 'register_globals' setting is enabled.
Solution
Disable PHP's 'register_globals' setting.
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2005-4593 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities