NI3
11-04-2003, 12:41 PM
Test ID: 11911
Category: CGI abuses
Title: 'Les Visiteurs' script injection
Summary: Les Visiteurs inc file upload
Description:
The remote 'Les Visiteurs' PHP scripts are vulnerable to a bug
wherein any anonymous user can force the server to redirect to
any arbitrary IP and download a potentially malicious include file.
This can allow an attacker to upload and execute malicious
code on the web server
Solution: Upgrade to version 2.0.2 - [Only registered and activated users can see links]
Risk factor : High
Copyright: This script is Copyright (C) 2003 Tenable Network Security
Cross-Ref: BugTraq ID: 8902
Category: CGI abuses
Title: 'Les Visiteurs' script injection
Summary: Les Visiteurs inc file upload
Description:
The remote 'Les Visiteurs' PHP scripts are vulnerable to a bug
wherein any anonymous user can force the server to redirect to
any arbitrary IP and download a potentially malicious include file.
This can allow an attacker to upload and execute malicious
code on the web server
Solution: Upgrade to version 2.0.2 - [Only registered and activated users can see links]
Risk factor : High
Copyright: This script is Copyright (C) 2003 Tenable Network Security
Cross-Ref: BugTraq ID: 8902