BasiliX Attachment Disclosure Vulnerability
Information
Severity: Low
Family: Web application abuses
CVSSv2 Base: 2.1
CVSSv2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Solution Type: Vendor Patch
Created: 18 years ago
Modified: 5 years ago
Summary
The remote web server contains a series of PHP scripts that are prone to information disclosure.

Description: The remote host appears to be running BasiliX version 1.1.0 or lower. Such versions save attachments by default under '/tmp/BasiliX', which is world-readable and apparently never emptied by BasiliX itself. As a result, anyone with shell access to the affected system, or who can place CGI files on it, can access attachments uploaded to BasiliX.
Solution
Upgrade to BasiliX version 1.1.1 or later.