Western Digital Arkeia lang Cookie Local File Inclusion
Medium Nessus Plugin ID 74220
SynopsisThe remote web server hosts a PHP script that is affected by a local file inclusion vulnerability.
DescriptionThe remote Western Digital Arkeia device hosts a PHP script that is affected by a local file inclusion vulnerability. A remote, unauthenticated attacker can exploit this issue to read or execute arbitrary files by crafting a request with directory traversal sequences in the 'lang' cookie.
Note that the application is also reportedly affected by a remote file upload arbitrary code execution vulnerability; however, Nessus has not tested for this issue.
SolutionUpgrade to version 10.1.9 or later.