Test ID:	1.3.6.1.4.1.25623.1.0.103797
Category:	Web application abuses
Title:	Xibo 'index.php' Multiple Directory Traversal Vulnerabilities
Summary:	Xibo is prone to multiple directory traversal vulnerabilities because;it fails to properly sanitize user-supplied input.
Description:	Summary: Xibo is prone to multiple directory traversal vulnerabilities because it fails to properly sanitize user-supplied input. Vulnerability Insight: Directory traversal vulnerabilities occur when user input is used in the construction of a filename or directory path which is subsequently used in some system function. If the input is not correctly validated or directory permissions not correctly set, it may be possible to cause a different file to be accessed other than that intended. This issue was exploited by adding a null byte (%00) which resulted in the application ignoring the rest of the supplied value after the null byte. Vulnerability Impact: An attacker can exploit these issues using directory-traversal strings to retrieve arbitrary files outside of the webserver root directory. This may aid in further attacks Affected Software/OS: Xibo 1.2.2 and 1.4.1 are vulnerable, other versions may also be affected. Solution: Upgrade to Xibo 1.4.2 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-5979 http://www.baesystemsdetica.com.au/Research/Advisories/Xibo-Directory-Traversal-Vulnerability-(DS-2013-00
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.