This host is running 4psa Voipnow and is prone to local file inclusion vulnerability.
Successful exploitation will allow an attacker to view files and execute local scripts in the context of the application. Impact Level: Application
Upgrade to 4psa voipnow 2.4 or later, For updates refer to http://www.4psa.com/products-voipnow-spe.html
The flaw is due to an improper validation of user-supplied input to the 'screen' parameter in '/help/index.php?', which allows attackers to read arbitrary files via a ../(dot dot) sequences.
4psa voipnow version prior to 2.4
CVSS Base Score: 7.5
- Apache Struts2 Redirection and Security Bypass Vulnerabilities
- Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
- Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
- Advanced Guestbook Index.PHP SQL Injection Vulnerability
- Baby Gekko CMS Multiple Vulnerabilities