Summary
This host is installed with DirPHP and is prone to local file inclusion vulnerability.
Impact
Successful exploitation will allow remote attackers to read arbitrary files on the target system.
Impact Level: Application
Solution
No solution or patch is available as of 9th February, 2015. Information regarding this issue will be updated once the solution details are available.
or updates refer to http://sourceforge.net/projects/dirphp
Insight
Flaw is due to the index.php script not properly sanitizing user input, specifically absolute paths supplied via the 'phpfile' parameter.
Affected
DirPHP version 1.0
Detection
Send a crafted data via HTTP GET request and check whether it is able to read local file or not.
References
Severity
Classification
-
CVE CVE-2014-5115 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- A Really Simple Chat Multiple XSS Vulnerabilities
- Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- 7Media Web Solutions EduTrac Directory Traversal Vulnerability
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability