
Contenido < 4.6.4 class.inuse.php Multiple Parameter Remote File Inclusion

High

Synopsis

The remote host is vulnerable to a flaw that allows attackers to execute arbitrary commands.

Description

The remote host is running Contenido, a web content-management application. This version of Contenido is vulnerable to an unspecified 'command execution' flaw. Reportedly, an attacker can send a malformed query that coerces the application into running system commands. The flaw can only be exploited if the "allow_url_fopen" and "register_globals" PHP settings are both enabled. Successful exploitation would result in loss of confidential data as well as a compromise of system integrity.

Solution

Upgrade to version 4.6.4 or higher.
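
The following audit sketch is an added example, not part of the original advisory or of Contenido: it combines the version threshold from the Solution with the two PHP preconditions from the Description, using PHP's built-in defaults when a directive is missing from php.ini. The function names, the sample php.ini texts and the version string `4.6.2` are constructed for illustration.

```python
import re

# PHP's built-in defaults when a directive is absent from php.ini:
# allow_url_fopen is On, register_globals is Off (removed in PHP 5.4).
PHP_DEFAULTS = {"allow_url_fopen": True, "register_globals": False}
TRUTHY = {"1", "on", "true", "yes"}
FIXED_VERSION = (4, 6, 4)  # from the advisory's Solution section

# Constructed sample configurations (not taken from any real host).
WEAK_INI = """\
; allow_url_fopen is not set, so the PHP default (On) applies
register_globals = On
"""
HARDENED_INI = """\
allow_url_fopen = Off
register_globals = Off
"""


def effective_flags(ini_text):
    """Effective boolean value of both directives for the given php.ini text."""
    flags = dict(PHP_DEFAULTS)
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # strip ';' comments
        m = re.match(r"^(\w+)\s*=\s*(.*)$", line)
        if m and m.group(1) in flags:  # directive names are case-sensitive
            value = m.group(2).strip().strip("\"'").lower()
            flags[m.group(1)] = value in TRUTHY  # last assignment wins
    return flags


def parse_version(text):
    """'4.6' -> (4, 6, 0); non-numeric suffixes are ignored."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def assess(contenido_version, ini_text):
    """Combine the version check with the two preconditions from the advisory."""
    flags = effective_flags(ini_text)
    old = parse_version(contenido_version) < FIXED_VERSION
    enabled = flags["allow_url_fopen"] and flags["register_globals"]
    return {"affected_version": old, "preconditions_met": enabled,
            "exposed": old and enabled, "flags": flags}


if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, assess("4.6.2", ini))
```

A host that reports `affected_version` as true still needs the upgrade even when `preconditions_met` is false, since either directive can be re-enabled later.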