FreeBSD : codeigniter -- arbitrary script execution in the new Form Validation class (83574d5a-f828-11dd-9fdf-0050568452ac)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

znirkel reports :

The eval() function in _reset_post_array crashes when posting certain
data. By passing in carefully-crafted input data, the eval() function
could also execute malicious PHP code.

Note that CodeIgniter applications that either do not use the new Form
Validation class or use the old Validation class are not affected by
this vulnerability.

See also :

Solution :

Update the affected package.

Risk factor :


Family: FreeBSD Local Security Checks

Nessus Plugin ID: 35639 (freebsd_pkg_83574d5af82811dd9fdf0050568452ac.nasl)

Bugtraq ID:

