Clever Copy Multiple Vulnerabilities (XSS, Path Disc, Inf Disc)

medium Nessus Plugin ID 19392

Synopsis

The remote web server contains a PHP application that is affected by multiple issues.

Description

The remote host is running Clever Copy, a free, fully-scalable web site portal and news posting system written in PHP.

The remote version of this software contains multiple vulnerabilities that can lead to path disclosure, cross-site scripting and unauthorized access to private messages.

Solution

There is no known solution at this time.

See Also

http://www.nessus.org/u?2de3c207

http://www.nessus.org/u?6452dc3e

http://www.nessus.org/u?6f8cfd3f

Plugin Details

Severity: Medium

ID: 19392

File Name: clevercopy_path_disclosure_xss.nasl

Version: 1.25

Type: remote

Family: CGI abuses

Published: 8/7/2005

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: Settings/ParanoidReport, www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 7/16/2005

Reference Information

CVE: CVE-2005-2324, CVE-2005-2325, CVE-2005-2326

BID: 14278, 14395, 14397

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990