Hosting Controller <= 6.1 Hotfix 2.3 Information Disclosure Vulnerabilities

medium Nessus Plugin ID 19755

Synopsis

The remote web server may give customer PHP scripts access to arbitrary files.

Description

According to its version number, the installation of Hosting Controller on the remote host may allow customers to use PHP scripts to gain access to files outside of their directory, including those belonging to other customers, resellers, or the system itself.

Solution

Apply Hotfix 2.4 or later for version 6.1, or set PHP's 'open_basedir' parameter for each customer's site via the Windows registry.

See Also

http://www.nessus.org/u?6d705b82

https://hostingcontroller.com/english/logs/hotfixlogv61_2_4.html

Plugin Details

Severity: Medium

ID: 19755

File Name: hosting_controller_61_23.nasl

Version: 1.18

Type: local

Family: CGI abuses

Published: 9/19/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 9/15/2005

Reference Information

CVE: CVE-2005-3038

BID: 14840