ionCube loader-wizard.php Accessible

Medium severity, Nessus Plugin ID 73330

Synopsis

A setup wizard is accessible on the remote web server.

Description

ionCube, an encoding and PHP file security tool written in PHP, is running on the remote host. The 'loader-wizard.php' script, which provides setup and configuration assistance and exposes sensitive information about the web server, is accessible to remote, unauthenticated users.

Solution

Remove access to 'loader-wizard.php' or remove the script.
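
One way to carry out the removal on the web server itself, as an added example that is not part of the Nessus plugin: the script below finds every copy of 'loader-wizard.php' under a document root and moves it to a quarantine directory outside that root. The function names and the directory arguments are assumptions made for this example, and paths containing newlines are not handled.

```shell
#!/bin/sh
# Added example (not from the plugin): locate and quarantine ionCube
# loader-wizard.php copies left under a web document root.
# Function names and all paths are assumptions made for this example.

# Print every loader-wizard.php under DOCROOT, one path per line.
# -iname also catches copies whose name differs only in letter case.
find_loader_wizard() {
    find "$1" -type f -iname 'loader-wizard.php' 2>/dev/null | sort
}

# Move each copy into QUARANTINE (a directory outside the docroot), keeping
# its relative path so the finding stays traceable. Prints the number moved.
quarantine_loader_wizard() {
    docroot=${1%/}
    quarantine=${2%/}
    moved=0
    list=$(find_loader_wizard "$docroot")
    # A here-document keeps the loop in the current shell so $moved survives.
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        rel=${path#"$docroot"/}
        dest="$quarantine/$rel"
        mkdir -p "$(dirname "$dest")" || return 1
        mv -- "$path" "$dest" || return 1
        chmod 0400 "$dest"    # keep as evidence, read-only for the owner
        moved=$((moved + 1))
    done <<EOF
$list
EOF
    echo "$moved"
}
```

Run `find_loader_wizard` first to review what would be moved, then call `quarantine_loader_wizard` with the document root and a destination the web server does not serve.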

See Also

http://www.ioncube.com/loaders.php

Plugin Details

Severity: Medium

ID: 73330

File Name: ioncube_loader_wizard_accessible.nasl

Version: 1.3

Type: remote

Family: CGI abuses

Published: 4/4/2014

Updated: 1/19/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:ioncube:php_encoder

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning