Test ID: 1.3.6.1.4.1.25623.1.0.200005
Category: Web application abuses
Title: Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
Summary: The remote system contains a PHP application that is prone to remote file inclusion attacks.
Description: Summary:
The remote system contains a PHP application that is prone to
remote file inclusion attacks.

Description:

Aardvark Topsites PHP is installed on the remote host. It is
an open source Toplist management system written in PHP.

The application does not sanitize user-supplied input to
the 'CONFIG[PATH]' variable in some PHP files. This allows
an attacker to include arbitrary files from remote systems, and
execute them with privileges under which the webserver operates.

The flaw is exploitable if PHP's 'register_globals' is set to on.

Solution:
Disable PHP's 'register_globals' or upgrade to the latest release.
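The following PHP is an added illustration written for this record; it is not Aardvark Topsites code and the file names, variable layout and include list are assumptions. It shows the include pattern the description refers to (a 'CONFIG[PATH]' prefix that is never set by the script and so can be supplied through register_globals), a hardened replacement that defines the path itself and pins the include to a fixed list under the application root, and a small check for the php.ini settings the solution line mentions.

```php
<?php
// Added illustration, not the project's code. Paths and file names are assumptions.

// --- Pattern the advisory describes -----------------------------------------
// With register_globals=On, a request carrying CONFIG[PATH]=... populates
// $CONFIG['PATH'] before this code runs, because the script never assigns it.
function vulnerable_include(): void
{
    global $CONFIG;   // assumption: expected from a config file that was not loaded
    require_once $CONFIG['PATH'] . '/sources/lostpw.php';   // request-controlled prefix
}

// --- Hardened replacement ---------------------------------------------------
// 1. Never depend on register_globals: assign the value unconditionally.
// 2. Only include files from a fixed list (assumed names, mirroring the XForce title).
// 3. Resolve the final path and refuse anything outside the application root,
//    which also rejects http:// and other stream wrappers.
function safe_include(string $relative): void
{
    $CONFIG = array('PATH' => __DIR__);   // server-side value overrides any injected global

    $allowed = array('sources/lostpw.php', 'sources/join.php');
    if (!in_array($relative, $allowed, true)) {
        throw new RuntimeException('Refusing to include unexpected file: ' . $relative);
    }

    $candidate = realpath($CONFIG['PATH'] . '/' . $relative);
    if ($candidate === false
        || strpos($candidate, $CONFIG['PATH'] . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('Include target resolves outside the application root');
    }
    require_once $candidate;
}

// --- Deployment check -------------------------------------------------------
// Reports the two ini settings that turn this class of bug into remote code
// execution: register_globals (named in the solution) and allow_url_include,
// which gates whether include() will fetch remote URLs at all.
function insecure_ini_settings(): array
{
    $findings = array();
    if (filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
        $findings[] = 'register_globals=On';
    }
    if (filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN)) {
        $findings[] = 'allow_url_include=On';
    }
    return $findings;   // empty array means both are off (or absent)
}
```

On any PHP release from 5.4.0 onward register_globals no longer exists, so ini_get() returns false and the check reports nothing for it; the allow_url_include check remains relevant on current releases.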

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-2149
BugTraq ID: 17940
http://www.securityfocus.com/bid/17940
https://www.exploit-db.com/exploits/1732
http://www.osvdb.org/25158
http://secunia.com/advisories/19911
http://www.vupen.com/english/advisories/2006/1587
XForce ISS Database: aardvark-lostpw-join-file-include(26189)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26189
Copyright: Copyright (C) 2008 Ferdy Riphagen

© 1998-2025 E-Soft Inc. All rights reserved.