Summary
This host is running 4psa Voipnow and is prone to local file inclusion vulnerability.
Impact
Successful exploitation will allow an attacker to view files and execute local scripts in the context of the application.
Impact Level: Application
Solution
Upgrade to 4psa voipnow 2.4 or later,
For updates refer to http://www.4psa.com/products-voipnow-spe.html
Insight
The flaw is due to an improper validation of user-supplied input to the 'screen' parameter in '/help/index.php?', which allows attackers to read arbitrary files via a ../(dot dot) sequences.
Affected
4psa voipnow version prior to 2.4
References
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
- Assesi 'bg' Parameter SQL Injection vulnerability
- Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
- 3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
- ATutor password reminder SQL injection