This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200605-04
(phpWebSite: Local file inclusion)
rgod has reported that the 'hub_dir' parameter in 'index.php'
isn't properly verified. When 'magic_quotes_gpc' is disabled, this can
be exploited to include arbitrary files from local ressources.
If 'magic_quotes_gpc' is disabled, which is not the default on
Gentoo Linux, a remote attacker could exploit this issue to include and
execute PHP scripts from local ressources with the rights of the user
running the web server, or to disclose sensitive information and
potentially compromise a vulnerable system.
There is no known workaround at this time.
See also :
All phpWebSite users should upgrade to the latest available
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/phpwebsite-0.10.2'
Risk factor :
High / CVSS Base Score : 7.5
Family: Gentoo Local Security Checks
Nessus Plugin ID: 21319 (gentoo_GLSA-200605-04.nasl)
CVE ID: CVE-2006-1819
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.