CoolForum Multiple Vulnerabilities (SQLi, XSS)

medium Nessus Plugin ID 17597

Synopsis

The remote web server contains a PHP application that suffers from multiple issues.

Description

The remote host is running a version of CoolForum that suffers from multiple input validation vulnerabilities.

- Multiple SQL injection vulnerabilities. The 'pseudo' parameter of the 'admin/entete.php' script and the 'ilogin' parameter of the 'register.php' script are placed into SQL queries without proper sanitization. An attacker may be able to manipulate those queries and view arbitrary database contents, provided PHP's 'magic_quotes_gpc' setting is disabled (when it is enabled, PHP backslash-escapes quote characters in request data before the script sees them, which blocks the straightforward single-quote injection but is not a real fix).

- A cross-site scripting vulnerability. The 'img' parameter of the 'avatar.php' script is reflected into the page without encoding, so it is possible to inject arbitrary script and HTML code. An attacker can exploit this flaw to run code in a user's browser within the context of the remote site, enabling him to steal authentication cookies, access data recently submitted by the user, and the like.
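The two flaw classes above, as an added example that is not CoolForum code and not part of the plugin: CoolForum is a PHP application, but the snippet below models the same patterns in Python so it can be run offline against an in-memory SQLite table. The table and column names, the 'x' OR '1'='1 payload and the XSS string are constructed for the example; magic_quotes() emulates what PHP's magic_quotes_gpc did to request data (addslashes). Note that SQLite does not treat a backslash as an escape inside a string literal, so the magic-quotes variant is only built as text here and is not executed; in MySQL, which CoolForum targets, the escaped query would remain a single string literal.

```python
import html
import sqlite3

# Constructed in-memory stand-in for a forum user table. Table and column
# names are assumptions for this example, not CoolForum's real schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, pseudo TEXT, passwd TEXT)")
    conn.executemany("INSERT INTO users (pseudo, passwd) VALUES (?, ?)",
                     [("admin", "s3cret"), ("alice", "hunter2")])
    conn.commit()
    return conn


def magic_quotes(value):
    """Emulate PHP's magic_quotes_gpc, i.e. addslashes() on every request value."""
    out = []
    for ch in value:
        if ch in "'\"\\":
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\0")
        else:
            out.append(ch)
    return "".join(out)


def build_vulnerable_query(pseudo, magic_quotes_gpc=False):
    """String-concatenated lookup of the kind the advisory describes for the
    'pseudo' and 'ilogin' parameters. With magic_quotes_gpc on, quotes arrive
    backslash-escaped; with it off, a raw quote ends the string literal."""
    if magic_quotes_gpc:
        pseudo = magic_quotes(pseudo)
    return "SELECT id, pseudo FROM users WHERE pseudo = '" + pseudo + "'"


def lookup_vulnerable(conn, pseudo):
    # magic_quotes_gpc disabled: the request value is spliced in untouched.
    return conn.execute(build_vulnerable_query(pseudo)).fetchall()


def lookup_safe(conn, pseudo):
    # Bound parameter: the driver never lets the value change query structure,
    # regardless of magic_quotes_gpc or the characters in the input.
    return conn.execute("SELECT id, pseudo FROM users WHERE pseudo = ?",
                        (pseudo,)).fetchall()


def render_avatar_vulnerable(img):
    """Reflects the 'img' parameter into an attribute without encoding."""
    return '<img src="' + img + '">'


def render_avatar_safe(img):
    """Attribute-context encoding; quote=True is what stops the double-quote
    breakout that the vulnerable version allows."""
    return '<img src="' + html.escape(img, quote=True) + '">'


if __name__ == "__main__":
    conn = make_db()
    payload = "x' OR '1'='1"          # constructed SQLi payload
    print(build_vulnerable_query(payload))                          # quote breaks out
    print(build_vulnerable_query(payload, magic_quotes_gpc=True))   # \' stays inside the literal (MySQL)
    print(lookup_vulnerable(conn, payload))   # every row comes back
    print(lookup_safe(conn, payload))         # no row matches
    xss = '"><script>alert(document.cookie)</script><a href="'   # constructed XSS payload
    print(render_avatar_vulnerable(xss))
    print(render_avatar_safe(xss))
```

Running the block shows why the advisory hedges on magic_quotes_gpc: with it off, the single quote in the payload closes the literal and the OR clause returns every user; the bound-parameter version returns nothing for the same input. For the XSS, the fix is output encoding in the attribute context, not input filtering on 'img'.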

Solution

Upgrade to CoolForum version 0.8.1 or later.

See Also

http://securitytracker.com/alerts/2005/Mar/1013474.html

Plugin Details

Severity: Medium

ID: 17597

File Name: coolforum_xss_sql.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 3/22/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 3/18/2005

Reference Information

CVE: CVE-2005-0857, CVE-2005-0858

BID: 12852

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990