Lucene search

FreeBSDD9DC2697-DADF-11DA-912F-00123FFE8333

HistoryApr 18, 2006 - 12:00 a.m.

phpwebftp -- "language" Local File Inclusion

2006-04-1800:00:00

vuxml.freebsd.org

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.007 Low

EPSS

Percentile

80.3%

JSON

Secunia reports:

phpWebFTP have a vulnerability, which can be exploited by
malicious people to disclose sensitive information.
Input passed to the “language” parameter in index.php isn’t
properly verified, before it is used to include files. This can be
exploited to include arbitrary files from local resources.
Successful exploitation requires that “magic_quotes_gpc” is
disabled.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchphpwebftp< 3.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	phpwebftp	< 3.3	UNKNOWN

References

secunia.com/advisories/19706/

sourceforge.net/forum/forum.php?forum_id=566199

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.007 Low

EPSS

Percentile

80.3%

JSON

Related for D9DC2697-DADF-11DA-912F-00123FFE8333