FreeBSD : codeigniter -- arbitrary script execution in the new Form Validation class (83574d5a-f828-11dd-9fdf-0050568452ac)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

znirkel reports :

The eval() function in _reset_post_array crashes when posting certain
data. By passing in carefully-crafted input data, the eval() function
could also execute malicious PHP code.

Note that CodeIgniter applications that either do not use the new Form
Validation class or use the old Validation class are not affected by
this vulnerability.

See also :

http://codeigniter.com/bug_tracker/bug/6068/
http://www.nessus.org/u?6f9a555e

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 35639 (freebsd_pkg_83574d5af82811dd9fdf0050568452ac.nasl)

Bugtraq ID:

CVE ID:
