Detections
Analytics

PostNuke PNphpBB2 includes/functions_admin.php phpbb_root_path Parameter Remote File Inclusion

medium Nessus Plugin ID 21145

Language:

Synopsis

The remote web server contains a PHP script that is prone to a remote file include vulnerability.

Description

The installation of PostNuke on the remote host includes a version of the PNphpBB2 module that fails to sanitize input to the 'phpbb_root_path' parameter of the 'includes/functions_admin.php' script before using it in a PHP 'include_once()' function. Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker may be able to exploit this issue to view arbitrary files or to execute arbitrary PHP code, possibly taken from third-party hosts.

Solution

Upgrade to PNphpBB2 version 1.2h rc3 or later.

See Also

https://securitytracker.com/id?1016912

Plugin Details

Severity: Medium

ID: 21145

File Name: postnuke_pnphpbb2_phpbb_root_path_file_include.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 3/27/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:postnuke_software_foundation:pnphpbb

Required KB Items: www/postnuke

Excluded KB Items: Settings/disable_cgi_scanning

Exploited by Nessus: true

Vulnerability Publication Date: 9/18/2006

Reference Information

CVE: CVE-2006-4968