CAPEC-443

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

,

CWE-507

,

HIPAA-164.308(a)

,

ISO27001-A.12.2.1

,

OWASP 2017-A10

,

PCI v3.2-6.5.6

,

Web Backdoor Detected

Severity:

Critical

Summary

Invicti detected a web backdoor on the target web server.

If you are not aware of this backdoor, it means that your web server has been hacked before.

Impact

An attacker can execute arbitrary commands on the system.

Remediation

Required Skills for Successful Exploitation

Actions To Take

Remove the identified web backdoor from your web server.
You should investigate how this backdoor was placed on your system. There may be another critical vulnerability on your system that allowed this placement.

Classifications

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

,

,

HIPAA-164.308(a)

,

ISO27001-A.12.2.1

,

,

,

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Related Vulnerabilities

Sensitive Data Exposure - Telegram Bot API Token

Database User Has Admin Privileges

Sensitive Data Exposure - Amazon AWS Secret Key

Sensitive Data Exposure - Devise Secret Key

Cross-site Scripting via Remote File Inclusion

Featured resources

Strengthening enterprise application security: Invicti acquires Kondukto

Read this article

Modern AppSec KPIs: Moving from scan counts to real risk reduction

Read this article

Friends don’t let friends shift left: Shift smarter with DAST-first AppSec

Read this article

Vibe talking: Dan Murphy on the promises, pitfalls, and insecurities of vibe coding

Read this article

No items found.

View all resources

Build your resistance to threats. And save hundreds of hours each month.