Contenido < 4.6.4 class.inuse.php Multiple Parameter Remote File Inclusion
High Nessus Network Monitor Plugin ID 3323
Synopsis: The remote host is vulnerable to a flaw that allows attackers to execute arbitrary commands.
Description: The remote host is running Contenido, a web content-management application. This version of Contenido is vulnerable to an unspecified 'command execution' flaw. It is reported that an attacker can, by sending a malformed query, coerce the application into running system commands. The flaw is exploitable only if both the "allow_url_fopen" and "register_globals" PHP directives are enabled. Successful exploitation would result in loss of confidential data as well as a compromise of system integrity.
Solution: Upgrade to version 4.6.4 or higher.
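To check whether a host meets the two PHP preconditions named in the description, the following added example (not part of the plugin or of Contenido) parses php.ini text and reports the effective values of both directives. The function names and sample files are constructed for illustration; the fallback values are PHP's built-in defaults.

```python
import re

# PHP built-in defaults used when php.ini does not set the directive
# (register_globals has defaulted to Off since PHP 4.2.0).
DEFAULTS = {"allow_url_fopen": True, "register_globals": False}
TRUTHY = {"1", "on", "true", "yes"}          # boolean spellings php.ini accepts
LINE = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=\s*(.*?)\s*$")

# Constructed sample files, not taken from a real host.
SAMPLE_EXPOSED = """\
[PHP]
allow_url_fopen = On
register_globals = On
"""
SAMPLE_HARDENED = """\
[PHP]
;register_globals = On   ; commented out, so the default (Off) applies
allow_url_fopen = Off
"""


def effective_directives(ini_text):
    """Return the effective boolean value of both directives in php.ini text."""
    values = dict(DEFAULTS)
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0]           # drop ; comments
        m = LINE.match(line)
        if not m:
            continue                          # blank line or [section] header
        key, val = m.group(1), m.group(2).strip("\"'").lower()
        if key in values:                     # directive names are case sensitive
            values[key] = val in TRUTHY       # last assignment wins
    return values


def preconditions_met(ini_text):
    """True only when both directives the advisory names are enabled."""
    v = effective_directives(ini_text)
    return v["allow_url_fopen"] and v["register_globals"]


if __name__ == "__main__":
    for name, text in (("exposed", SAMPLE_EXPOSED), ("hardened", SAMPLE_HARDENED)):
        print(name, effective_directives(text), preconditions_met(text))
```

This reads php.ini only; per-directory overrides (for example in .htaccess or virtual host configuration) are not covered, and disabling the directives does not replace the upgrade to 4.6.4.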