Test ID:	1.3.6.1.4.1.25623.1.0.80060
Category:	Web application abuses
Title:	Free Articles Directory RFI Vulnerability
Summary:	Free Articles Directory is prone to a remote file include (RFI); vulnerability.
Description:	Summary: Free Articles Directory is prone to a remote file include (RFI) vulnerability. Vulnerability Insight: Free Articles Directory fails to sanitize user input to the 'page' parameter in index.php. An unauthenticated attacker may be able to read arbitrary local files or include a file from a remote host that contains commands which will be executed by the vulnerable script, subject to the privileges of the web server process. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-1350 BugTraq ID: 17183 http://www.securityfocus.com/bid/17183 Bugtraq: 20060321 Free Articles Directory Remote Command Exucetion (Google Search) http://www.securityfocus.com/archive/1/428354/100/0/threaded http://www.osvdb.org/24024 http://secunia.com/advisories/19320 http://securityreason.com/securityalert/616 http://attrition.org/pipermail/vim/2006-March/000626.html http://www.vupen.com/english/advisories/2006/1037 XForce ISS Database: freearticlesdirectory-index-file-include(25378) https://exchange.xforce.ibmcloud.com/vulnerabilities/25378
Copyright	Copyright (C) 2008 Josh Zlatin-Amishav

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.