This host is installed with ActualAnalyzer Lite and is prone to remote code execution vulnerability.
Successful exploitation will allow attacker to execute arbitrary code in the affected system. Impact Level: Application
No solution or patch is available as of 20th February, 2015. Information regarding this issue will be updated once the solution details are available. or updates refer to http://www.actualscripts.com/products/analyzer/lite
Flaw exists because the 'ant' cookie parameter is not properly sanitized upon submission to the /aa.php script.
ActualAnalyzer Lite version 2.81 and probably prior.
Send a crafted exploit string via HTTP GET request and check whether it is able to execute the code remotely.
Updated on 2017-03-28
- 68designs 68kb Multiple Remote File Include Vulnerabilities
- AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
- AIOCP 'cp_html2xhtmlbasic.php' Remote File Inclusion Vulnerability
- Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
- Atutor AChecker Multiple SQL Injection and XSS Vulnerabilities