popper_mod PHP Administration Script Authentication Bypass

Severity: High. Nessus Plugin ID 11334

Synopsis

It is possible to gain administrative rights on the remote POP server.

Description

It is possible to administer the remote popper_mod CGI without authenticating by requesting the /admin directory directly.

An attacker may use this flaw to obtain the passwords of your users.

Solution

Upgrade to the latest version.

Plugin Details

Severity: High

ID: 11334

File Name: popper_mod.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 3/9/2003

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 4/9/2004

Reference Information

CVE: CVE-2002-0513

BID: 4412