This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote application is affected by a character handling
vulnerability in the bundled version of PHP.
The SecurityCenter application installed on the remote host contains a
bundled version of PHP that is prior to 5.4.43. It is, therefore,
affected by an exclamation mark character handling issue in the
escapeshellcmd() and escapeshellarg() PHP functions. A remote attacker
can exploit this to substitute environment variables.
See also :
Apply the relevant patch as referenced in the vendor advisory.
Risk factor :
High / CVSS Base Score : 9.3
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now