This host is running Andy's PHP Knowledgebase and is prone to remote PHP code execution vulnerability.
Successful exploitation could allow remote attackers to execute arbitrary PHP code within the context of the affected web server process. Impact Level: Application
Upgrade to version 0.95.6 or later, For updates refer to http://aphpkb.sourceforge.net
The flaw is caused by improper validation of user-supplied input passed via the 'install_dbuser' parameter to 'step5.php', that allows attackers to execute arbitrary PHP code.
Andy's PHP Knowledgebase version 0.95.5 and prior.
Updated on 2015-03-25
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
- ApPHP MicroBlog Remote Code Execution Vulnerability
- AlienVault OSSIM 'date_from' Parameter Multiple SQL Injection Vulnerabilities
- 'research_display.php' SQL Injection Vulnerability
- Athena Web Registration remote command execution flaw