Summary
This host is running 4psa Voipnow and is prone to local file inclusion vulnerability.
Impact
Successful exploitation will allow an attacker to view files and execute local scripts in the context of the application.
Impact Level: Application
Solution
Upgrade to 4psa voipnow 2.4 or later,
For updates refer to http://www.4psa.com/products-voipnow-spe.html
Insight
The flaw is due to an improper validation of user-supplied input to the 'screen' parameter in '/help/index.php?', which allows attackers to read arbitrary files via a ../(dot dot) sequences.
Affected
4psa voipnow version prior to 2.4
References
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Struts2 Redirection and Security Bypass Vulnerabilities
- Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
- Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
- Advanced Guestbook Index.PHP SQL Injection Vulnerability
- Baby Gekko CMS Multiple Vulnerabilities