Detections
Analytics
Help Center Live Multiple Remote Vulnerabilities (Cmd Exec, XSS)
high Nessus Plugin ID 16060
Language:
Synopsis
The remote web server contains a PHP application that is prone to multiple attacks.Description
The remote host is running Help Center Live, a help desk application written in PHP.The remote version of this software is vulnerable to various flaws, including one that may allow an attacker to execute arbitrary commands on the remote host subject to the privileges of the web server user id provided PHP's 'register_globals' setting is enabled.
Solution
Unknown at this time.See Also
http://www.gulftech.org/?node=research&article_id=00058-12242004
Plugin Details
Severity: High
ID: 16060
File Name: help_center_file_include.nasl
Version: 1.17
Type: remote
Family: CGI abuses
Published: 12/28/2004
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.3
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 6.5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2004-2602
CVSS v3
Risk Factor: High
Base Score: 8.3
Temporal Score: 8.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:H/RL:W/RC:X
Vulnerability Information
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: No exploit is required
Vulnerability Publication Date: 12/25/2004
Reference Information
CVE: CVE-2004-2602, CVE-2004-2603
BID: 12105