Detections
Analytics
phpAdsNew / phpPgAds < 2.0.6 Multiple Vulnerabilities
high Nessus Plugin ID 19518
Language:
Synopsis
The remote web server contains a PHP application that is affected by multiple vulnerabilities.Description
The remote host is running phpAdsNew / phpPgAds, an open source banner ad server.The version of phpAdsNews / phpPgAds installed on the remote host suffers from several flaws :
- Remote PHP Code Injection Vulnerability The XML-RPC library bundled with the application allows an attacker to inject arbitrary PHP code via the 'adxmlrpc.php' script to be executed within the context of the affected web server user id.
- Multiple Local File Include Vulnerabilities The application fails to sanitize user-supplied input to the 'layerstyle' parameter of the 'adlayer.php' script and the 'language' parameter of the 'admin/js-form.php' script before using them to include PHP files for execution. An attacker can exploit these issues to read arbitrary local files provided PHP's 'magic_quotes' directive is disabled.
- SQL Injection Vulnerability An attacker can manipulate SQL queries via input to the 'clientid' parameter of the 'libraries/lib-view-direct.inc.php' script.
Solution
Upgrade to phpAdsNew / phpPgAds 2.0.6 or later.See Also
http://www.hardened-php.net/advisory_152005.67.html
https://www.securityfocus.com/archive/1/408423/30/120/threaded
Plugin Details
Severity: High
ID: 19518
File Name: phpadsnew_206.nasl
Version: 1.24
Type: remote
Family: CGI abuses
Published: 8/29/2005
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:phpadsnew:phpadsnew
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Vulnerability Publication Date: 8/15/2005