This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
If magic quotes are off, there is a SQL injection when sending a
forgotten password. It is possible to overwrite the admin password and
to take over the whole system. Some files in the admin section
contain cross-site scripting vulnerabilities. In the public
frontend it is possible to include arbitrary PHP files.
See also :
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 6.8
Public Exploit Available : true
Family: FreeBSD Local Security Checks
Nessus Plugin ID: 21510 (freebsd_pkg_c6b9aee8307111daaf18000ae4641456.nasl)