Detections
Analytics
Syncrify < 2.1 Build 420 Multiple Security Bypass Vulnerabilities
high Nessus Plugin ID 49659
Language:
Synopsis
The remote web server hosts an application that is affected by multiple security bypass vulnerabilities.Description
According to its version, the remote installation of Syncrify is affected by multiple security bypass vulnerabilities :- The application fails to restrict access to the password management page and allows users to change the administrator's password by directly accessing that page.
- It is possible for users to browse and download unauthorized files by accessing them directly.
Solution
Upgrade to Syncrify 2.1 build 420, or later.See Also
Plugin Details
Severity: High
ID: 49659
File Name: syncrify_2_1_build420.nasl
Version: 1.8
Type: remote
Family: CGI abuses
Published: 9/23/2010
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.2
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
Required KB Items: www/syncrify
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/17/2010
Vulnerability Publication Date: 9/17/2010
Reference Information
BID: 43333
Secunia: 41520