Test ID:	1.3.6.1.4.1.25623.1.0.80078
Category:	Web application abuses
Title:	phpWebThings RFI Vulnerability - Active Check
Summary:	phpWebThings is prone to a remote file include (RFI); vulnerability.
Description:	Summary: phpWebThings is prone to a remote file include (RFI) vulnerability. Vulnerability Insight: The version of phpWebThings installed on the remote host fails to sanitize input to the 'editor_insert_bottom' parameter before using it in the 'core/editor.php' script to include PHP code. Vulnerability Impact: Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker can exploit this issue to view arbitrary files and execute arbitrary code, possibly taken from third-party hosts, on the remote host. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-6042 BugTraq ID: 21178 http://www.securityfocus.com/bid/21178 Bugtraq: 20070607 phpWebThings ==>1.5.2 RFI (Google Search) http://www.securityfocus.com/archive/1/470794/100/0/threaded https://www.exploit-db.com/exploits/2811 http://secunia.com/advisories/23001 http://www.vupen.com/english/advisories/2006/4596 XForce ISS Database: phpwebthings-editor-file-include(30401) https://exchange.xforce.ibmcloud.com/vulnerabilities/30401
Copyright	Copyright (C) 2008 Justin Seitz

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.