This host is installed with HybridAuth and is prone to remote code execution vulnerability.

Successful exploitation will allow attacker to execute arbitrary code in the affected system. Impact Level: Application

Upgrade to HybridAuth version 2.2.2 or later, For updates refer http://hybridauth.sourceforge.net

Flaw exists because the hybridauth/install.php script does not properly verify or sanitize user-uploaded files.

HybridAuth version 2.1.2 and probably prior.

Send a crafted exploit string via HTTP GET request and check whether it is able to execute the code remotely.

• http://osvdb.com/109838
• http://packetstormsecurity.com/files/127930
• http://seclists.org/fulldisclosure/2014/Aug/10
• http://www.exploit-db.com/exploits/34273
• http://www.exploit-db.com/exploits/34390

---

Updated on 2015-03-25