paNews admin_setup.php Multiple Parameter Arbitrary PHP Code Injection

Severity: High. Nessus Plugin ID 17201

Synopsis

The remote web server contains a PHP application that is affected by multiple flaws.

Description

The remote host is running a version of paNews that fails to properly sanitize input passed to the script 'includes/admin_setup.php' and, in addition, allows writes by the web user to the directory 'includes' (not the default configuration). Taken together, these flaws allow a remote attacker to run arbitrary code in the context of the user running the web service or to read arbitrary files on the target.

Solution

Change the permissions on the 'includes/' directory so that the web user cannot write to it.

See Also

https://seclists.org/fulldisclosure/2005/Feb/523

Plugin Details

Severity: High

ID: 17201

File Name: panews_admin_setup_php.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 2/23/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 3/2/2005

Reference Information

CVE: CVE-2005-0647

BID: 12611