This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote web server hosts a PHP script that is affected by a local
file inclusion vulnerability.
The remote Western Digital Arkeia device hosts a PHP script that is
affected by a local file inclusion vulnerability. A remote,
unauthenticated attacker can exploit this issue to read or execute
arbitrary files by crafting a request with directory traversal
sequences in the 'lang' cookie.
Note that the application is also reportedly affected by a remote file
upload arbitrary code execution vulnerability
however, Nessus has not
tested for this issue.
See also :
Upgrade to version 10.1.9 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true
Family: CGI abuses
Nessus Plugin ID: 74220 ()
Bugtraq ID: 62444