Novell ZENworks Mobile Management MDM.php Local File Inclusion
High Nessus Plugin ID 65551
SynopsisThe remote host is affected by a local file inclusion vulnerability.
DescriptionNessus was able to exploit a local file inclusion vulnerability in the
'language' parameter of Novell ZENworks Mobile Management's 'MDM.php'
script by sending a specially crafted HTTP GET request. By providing a
directory traversal string, it is possible to access any file on the
system accessible by the web server.
Note that hosts affected by this vulnerability are likely affected by a
similar vulnerability in 'DUSAP.php'.
SolutionUpgrade to Novell ZENworks Mobile Management 2.7.1 or later, when it