AjaXplorer < 2.6 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 5506
Synopsis
The remote web server is hosting a web application that is vulnerable to multiple attack vectors.
Description
The remote web server is hosting AjaXplorer, a web-based file management application. The installed version is earlier than 2.6. Such versions are potentially affected by multiple vulnerabilities:
- A command-injection vulnerability via the 'destserver' parameter of the 'plugins/access.ssh/checkInstall.php' script.
- Unspecified input is not properly validated before being used to read files.
Solution
Upgrade to AjaXplorer 2.6 or later.