Test ID:	1.3.6.1.4.1.25623.1.0.80073
Category:	Web application abuses
Title:	Monster Top List Remote File Include
Summary:	The remote web server is running Monster Top List which is affected by a; remote file include vulnerability.
Description:	Summary: The remote web server is running Monster Top List which is affected by a remote file include vulnerability. Vulnerability Insight: The installed version of Monster Top List fails to sanitize user input to the 'root_path' parameter in sources/functions.php before using it to include PHP code from other files. This flaw is only exploitable if PHP's 'register_globals' is enabled. Vulnerability Impact: An unauthenticated attacker may be able to read arbitrary local files or include a file from a remote host that contains commands which will be executed on the remote host subject to the privileges of the web server process. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-1781 BugTraq ID: 17546 http://www.securityfocus.com/bid/17546 BugTraq ID: 23074 http://www.securityfocus.com/bid/23074 https://www.exploit-db.com/exploits/3530 http://pridels0.blogspot.com/2006/04/monstertoplist.html http://www.osvdb.org/24650 http://secunia.com/advisories/19688 http://www.vupen.com/english/advisories/2006/1350 XForce ISS Database: monstertoplist-functions-file-include(25774) https://exchange.xforce.ibmcloud.com/vulnerabilities/25774
Copyright	Copyright (C) 2008 Josh Zlatin-Amishav

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.