VID |
21951 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
The Virtual Hosting Control System (VHCS) is vulnerable to an authentication bypass in the check_login() function. VHCS is an open-source server control system for web hosting solutions and automation software. VHCS version 2.4.7.1, and version 2.4.6.2 and earlier versions, could allow a remote attacker to bypass authentication and gain administrative access to the application. The cause is a flaw in the check_login() function, which could allow the attacker to execute arbitrary PHP script on the affected system and possibly gain complete control of the VHCS system.
* References:
  * http://www.frsirt.com/english/advisories/2006/0534
  * http://secunia.com/advisories/18799
  * http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt
  * http://www.securityfocus.com/archive/1/archive/1/424816/100/0/threaded
  * http://vhcs.net/new/modules/news/article.php?storyid=25
* Platforms Affected:
  * VHCS Project, VHCS version 2.4.7.1
  * VHCS Project, VHCS version 2.4.6.2 and earlier versions
  * Linux Any version |
Recommendation |
Upgrade to the latest version of VHCS (2.4.7.1 patch 3 or later), available from the SourceForge.net Download Web site at http://www.vhcs.net |
Related URL |
CVE-2006-0685 (CVE) |
Related URL |
16600 (SecurityFocus) |
Related URL |
24666 (ISS) |