
Vulnerability solutions

WatchMouse's periodic vulnerability scanning checks for the vulnerability below. To see the latest vulnerability solutions scanned by WatchMouse, go to the overview of vulnerability solutions.

Category: CGI abuses | Risk factor: High | Added: 10 Oct 2008

Synopsis: The remote web server contains a PHP application that allows injection of arbitrary PHP commands.

Description: The remote host is running Openads, an open source ad serving application written in PHP. The installed version of Openads contains a vulnerability in its delivery engine in that it fails to properly sanitize input to the 'name' argument of the 'OA_Delivery_Cache_store()' function in various scripts under 'www/delivery' before saving it in a cache file. An unauthenticated remote attacker can exploit this issue to inject arbitrary PHP code and then execute it on the remote host, subject to the privileges under which the web server operates.

See also: http://www.securityfocus.com/archive/1/archive/1/487486/100/0/threaded

Solution: Upgrade to Openads 2.4.3 or later.

Risk factor: High / CVSS Base Score: 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
