Vulnerability solutions

The WatchMouse Periodic Vulnerability Scan checks for the vulnerabilities listed below. The most recently added vulnerability solutions scanned by WatchMouse can be found in the Vulnerability solutions overview.

Category: CGI abuses
Risk factor: High
Added: 10 Oct 2008
Synopsis:

The remote web server contains a PHP application that allows injection of arbitrary PHP commands.

Description:

The remote host is running Openads, an open source ad serving application written in PHP.

The installed version of Openads contains a vulnerability in its delivery engine in that it fails to properly sanitize input to the 'name' argument of the 'OA_Delivery_Cache_store()' function in various scripts under 'www/delivery' before saving it in a cache file. An unauthenticated remote attacker can exploit this issue to inject arbitrary PHP code and then execute it on the remote host, subject to the privileges under which the web server operates.

See also:

http://www.securityfocus.com/archive/1/archive/1/487486/100/0/threaded

Solution:

Upgrade to Openads 2.4.3 or later.

Risk factor:

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
