Test ID:	1.3.6.1.4.1.25623.1.0.103439
Category:	Web application abuses
Title:	webgrind 1.0 (file param) Local File Inclusion Vulnerability
Summary:	Webgrind is prone to a local file-include vulnerability because it; fails to properly sanitize user-supplied input.
Description:	Summary: Webgrind is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Vulnerability Impact: An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks. Affected Software/OS: Webgrind 1.0 (v1.02 in trunk on github) are vulnerable. Other versions may also be affected. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3047 BugTraq ID: 52395 http://www.securityfocus.com/bid/52395 http://security.gentoo.org/glsa/glsa-201203-19.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14935 http://secunia.com/advisories/48375 http://secunia.com/advisories/48419 http://secunia.com/advisories/48527 SuSE Security Announcement: openSUSE-SU-2012:0374 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html XForce ISS Database: google-chrome-gpu-code-execution(73904) https://exchange.xforce.ibmcloud.com/vulnerabilities/73904
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.