phpBB up.php Arbitrary File Upload

high Nessus Plugin ID 18007

Synopsis

The remote web server contains a PHP script that allows arbitrary file uploads.

Description

The installed version of phpBB on the remote host includes a file upload script intended as a way for users to upload files that they can then link to in their posts. The script, however, does not require authentication, makes only a limited check of upload file types, and stores uploads in a known location. As a result, an attacker can upload arbitrary scripts to the remote host and execute them with the permissions of the web server user.

Solution

Uninstall the file upload script from phpBB.

See Also

https://seclists.org/bugtraq/2005/Apr/122

Plugin Details

Severity: High

ID: 18007

File Name: phpbb_up_module.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 4/11/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:phpbb_group:phpbb

Required KB Items: www/phpBB

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 4/7/2005

Reference Information

CVE: CVE-2005-1047

BID: 13084