FreeBSD : phpSysInfo -- 'register_globals' emulation layer overwrite vulnerability (9c1cea79-548a-11da-b53f-0004614cc33d)
High Nessus Plugin ID 21485
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionA Secunia Advisory reports :
Christopher Kunz has reported a vulnerability in phpSysInfo, which can be exploited by malicious people to manipulate certain information.
The vulnerability is caused due to an error in the 'register_globals' emulation layer where certain arrays used by the system can be overwritten. This can be exploited to execute arbitrary HTML and script code in a user's browser session and include arbitrary files from local resources.
SolutionUpdate the affected package.