Basilix Webmail basilix.php3 request_id[DUMMY] Variable Traversal Arbitrary File Access

high Nessus Plugin ID 11072

Synopsis

The remote web server contains a PHP script that is prone to a remote file include attack.

Description

The script 'basilix.php3' is installed on the remote web server. Some versions of this webmail software allow the users to read any file on the system with the permission of the webmail software, and execute any PHP.

Solution

Update Basilix or remove DUMMY from lang.inc.

See Also

https://seclists.org/bugtraq/2001/Jul/114

Plugin Details

Severity: High

ID: 11072

File Name: basilix_webmail.nasl

Version: 1.27

Type: remote

Family: CGI abuses

Published: 8/14/2002

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: imap/login, imap/password, Settings/ParanoidReport, www/PHP

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 7/6/2001

Reference Information

CVE: CVE-2001-1045

BID: 2995