Test ID:	1.3.6.1.4.1.25623.1.0.100054
Category:	Web application abuses
Title:	e-Vision CMS <= 2.0.2 Multiple LFI Vulnerabilities - Active Check
Summary:	e-Vision CMS is prone to multiple local file include (LFI); vulnerabilities because it fails to properly sanitize user-supplied input.
Description:	Summary: e-Vision CMS is prone to multiple local file include (LFI) vulnerabilities because it fails to properly sanitize user-supplied input. Vulnerability Impact: An attacker can exploit these vulnerabilities using directory traversal strings to view local files and execute local scripts within the context of the webserver process. A successful attack can allow the attacker to obtain sensitive information or gain unauthorized access to an affected computer in the context of the vulnerable server. Affected Software/OS: e-Vision CMS version 2.0.2 and probably prior. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-6551 BugTraq ID: 32180 http://www.securityfocus.com/bid/32180 https://www.exploit-db.com/exploits/7031 XForce ISS Database: evisioncms-module-file-include(46457) https://exchange.xforce.ibmcloud.com/vulnerabilities/46457
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.