Admbook PHP Code Injection Flaw

Summary
The remote web server contains a PHP script that allows arbitrary code injection.
Description
The remote host is running AdmBook, a PHP-based guestbook. The remote version of this software is prone to remote PHP code injection due to a lack of sanitization of the HTTP header 'X-Forwarded-For'. Using a specially crafted URL, a malicious user can execute arbitrary commands on the remote server, subject to the privileges of the web server user id.
Solution
Unknown at this time.