Detections
Analytics
SIR GNUBoard Remote File Inclusion
high Nessus Plugin ID 15975
Language:
Synopsis
The remote web server is running a PHP application that is affected by a remote file inclusion vulnerability.Description
It is possible to make the remote web server read arbitrary files by using the GNUBoard CGI suite which is installed.An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server.
Solution
Upgrade to GNUBoard 3.40 or later.See Also
https://www.securityfocus.com/archive/1/384522/30/0/threaded
Plugin Details
Severity: High
ID: 15975
File Name: gnuboard_file_include.nasl
Version: 1.17
Type: remote
Family: CGI abuses
Published: 12/15/2004
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.0
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 7.1
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2004-1403
CVSS v3
Risk Factor: High
Base Score: 8.3
Temporal Score: 8.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:H/RL:W/RC:C
Vulnerability Information
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: No exploit is required
Vulnerability Publication Date: 12/14/2004
Reference Information
CVE: CVE-2004-1403
BID: 11948