Summary
The host is running xBoard and is prone to a local file inclusion vulnerability.
Impact
Successful exploitation will allow attackers to read arbitrary files on the target system.
Impact Level: Application
Solution
Upgrade to xBoard 6.5 or later.
For updates refer to http://sourceforge.net/projects/xboard
Insight
The flaw is due to improper validation of user-supplied input to the 'post' parameter in 'view.php', which allows attackers to read arbitrary files via ../ (dot dot) sequences.
Affected
xBoard versions 5.0, 5.5, 6.0
Detection
Send the crafted HTTP GET request and check whether it is possible to read the system file.
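A log-review check for the flaw described under Insight, added here as an example and not part of the original advisory or the xBoard project: it flags requests to 'view.php' whose 'post' parameter decodes, even after repeated URL-encoding, to a ../ path segment. The /xboard/ install path, the combined log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines (combined log format); not from a real host.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /xboard/view.php?post=42 HTTP/1.1" 200 5120
198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /xboard/view.php?post=../../conf/example.txt HTTP/1.1" 200 812
198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /xboard/view.php?post=%2e%2e%2f%2e%2e%2fconf%2fexample.txt HTTP/1.1" 200 812
198.51.100.9 - - [01/Jan/2024:10:00:12 +0000] "GET /xboard/view.php?post=%252e%252e%252fexample.txt HTTP/1.1" 404 210
198.51.100.3 - - [01/Jan/2024:10:00:20 +0000] "GET /xboard/index.php?post=../x HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %252e -> %2e -> .), bounded in rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(value):
    """True if any path segment of the decoded value is '..' (either slash style)."""
    normalized = fully_decode(value).replace("\\", "/")
    return ".." in normalized.split("/")


def find_traversal_attempts(log_text):
    """Return (client, status, post_value) for suspicious view.php requests."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/view.php"):
            continue  # only the script named in the advisory
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == "post" and is_traversal(value):
                hits.append((client, int(status), value))
    return hits


if __name__ == "__main__":
    for client, status, value in find_traversal_attempts(SAMPLE_LOG):
        print(f"{client} status={status} post={value!r}")
```

A hit answered with status 200 on an affected version (5.0, 5.5, 6.0) is the case to review first, since the request may have returned file contents.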
Severity
Classification
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P