WEB APPLICATION VULNERABILITIES Standard & Premium

webadmin.php script

Description

webadmin.php is a simple Web-based file manager. This file manager should not be installed on production systems because it doesn't employ any user authentication in the default configuration. Therefore an attacker can read and create random files in your system.

Remediation

Restrict access to this file or remove it from the system.

References

webadmin homepage

Related Vulnerabilities

WordPress Plugin Gmail SMTP Arbitrary File Disclosure (1.1.0)

WordPress Plugin Import all XML, CSV & TXT into WordPress Arbitrary File Disclosure (3.7)

WordPress Plugin MasterStudy LMS-for Online Courses and Education Local File Inclusion (3.3.0)

WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0)

WordPress Plugin N-Media Website Contact Form with File Upload Local File Inclusion (1.5)

Severity

High

Classification

CWE-552 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality Arbitrary File Creation File Inclusion Information Disclosure