Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability Network Vulnerability

Summary

This host is running Andy's PHP Knowledgebase and is prone to remote PHP code execution vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary PHP code within the context of the affected web server process. Impact Level: Application

Solution

Upgrade to version 0.95.6 or later, For updates refer to http://aphpkb.sourceforge.net

Insight

The flaw is caused by improper validation of user-supplied input passed via the 'install_dbuser' parameter to 'step5.php', that allows attackers to execute arbitrary PHP code.

Affected

Andy's PHP Knowledgebase version 0.95.5 and prior.

References

http://downloads.securityfocus.com/vulnerabilities/exploits/47918.txt

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 9.7
AV:N/AC:L/Au:N/C:P/I:C/A:C

Related Vulnerabilities

Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
admin.cgi overflow
AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
Adobe ColdFusion Directory Traversal Vulnerability

Take action and discover your vulnerabilities