The remote web server contains a PHP script that allows arbitrary code injection. Description : The remote host is running AdmBook, a PHP-based guestbook. The remote version of this software is prone to remote PHP code injection due to a lack of sanitization of the HTTP header 'X-Forwarded-For'. Using a specially-crafted URL, a malicious user can execute arbitrary command on the remote server subject to the privileges of the web server user id.
Unknown at this time.
Updated on 2015-03-25
- Artmedic Kleinanzeigen File Inclusion Vulnerability
- Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability
- ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
- Atutor AChecker Multiple SQL Injection and XSS Vulnerabilities
- Adobe ColdFusion Multiple Vulnerabilities-02 May-2014