phpSysInfo < 2.4.1 Multiple Vulnerabilities

medium Nessus Plugin ID 20215

Synopsis

The remote web server contains a PHP application that is affected by multiple vulnerabilities.

Description

The remote host is running phpSysInfo, a PHP application that parses the /proc entries on Linux/Unix systems and displays them in HTML.

The installed version of phpSysInfo on the remote host has a design flaw in its globalization layer such that the script's variables can be overwritten regardless of PHP's 'register_globals' setting. By exploiting this issue, an attacker may be able to read arbitrary files on the remote host and even execute arbitrary PHP code, both subject to the privileges of the web server user ID.

In addition, the application fails to sanitize user-supplied input before using it in dynamically-generated pages, which can be used to conduct cross-site scripting and HTTP response splitting attacks.

Solution

Upgrade to phpSysInfo 2.4.1 or later.

See Also

http://www.hardened-php.net/advisory_222005.81.html

Plugin Details

Severity: Medium

ID: 20215

File Name: phpsysinfo_241.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 11/16/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:phpsysinfo:phpsysinfo

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 1/18/2003

Reference Information

CVE: CVE-2003-0536, CVE-2005-0870, CVE-2005-3347, CVE-2005-3348

BID: 7286, 15396, 15414

CWE: 22, 352