Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability

Summary
The remote system contains a PHP application that is prone to remote file inclusion attacks.

Description: Aardvark Topsites PHP is installed on the remote host. It is an open source toplist management system written in PHP. The application does not sanitize user-supplied input to the 'CONFIG[PATH]' variable in some PHP files. This allows an attacker to include arbitrary files from remote systems and execute them with the privileges under which the web server operates. The flaw is exploitable if PHP's 'register_globals' is set to on.
Solution
Disable PHP's 'register_globals' or upgrade to the latest release.
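
An added example, not part of the original advisory or of Aardvark Topsites' code: a heuristic audit for the two conditions described above, namely whether a php.ini enables register_globals and whether a PHP file builds an include path from $CONFIG[...] without assigning it first. The function names are hypothetical and the php.ini and PHP samples are constructed.

```python
import re

# include/require (case-insensitive keywords) whose path expression uses $CONFIG[...]
INCLUDE_RE = re.compile(r"(?<![\w$>])(?i:include|require)(?i:_once)?\b[^;]*\$CONFIG\s*\[")
# Assignment to $CONFIG or $CONFIG[...]; "==" comparisons do not count
ASSIGN_RE = re.compile(r"\$CONFIG\s*(?:\[[^\]]*\]\s*)?=(?!=)")

def register_globals_on(ini_text):
    """True if the last register_globals directive in the php.ini text enables it."""
    enabled = False  # no directive at all: off, the PHP default since 4.2.0
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(r"(?i)register_globals\s*=\s*(\S+)", line)
        if m:
            enabled = m.group(1).strip("\"'").lower() in {"1", "on", "true", "yes"}
    return enabled

def risky_includes(php_source):
    """(line_no, text) for includes built from $CONFIG[...] before any assignment."""
    findings, assigned = [], False
    for no, line in enumerate(php_source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # skip comment lines (heuristic, not a PHP parser)
        inc, asg = INCLUDE_RE.search(line), ASSIGN_RE.search(line)
        if inc and not assigned and not (asg and asg.start() < inc.start()):
            findings.append((no, line.strip()))
        assigned = assigned or bool(asg)
    return findings

# Constructed samples, not taken from Aardvark Topsites
SAMPLE_INI = """\
register_globals = Off
;register_globals = Off
register_globals = On ; re-enabled for a legacy app
"""
SAMPLE_UNSAFE = """<?php
// $CONFIG is never set in this file
require_once($CONFIG['PATH'] . '/lib/common.php');
"""
SAMPLE_SAFE = """<?php
$CONFIG['PATH'] = dirname(__FILE__);
include $CONFIG['PATH'] . '/lib/common.php';
"""

if __name__ == "__main__":
    print("register_globals enabled:", register_globals_on(SAMPLE_INI))
    for name, src in (("unsafe", SAMPLE_UNSAFE), ("safe", SAMPLE_SAFE)):
        print(name, risky_includes(src))
```

A finding marks a file for manual review; a file that is only reached through an entry point that already sets $CONFIG can be a false positive.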