Detections
Analytics

Clever Copy connect.inc Direct Request Information Disclosure

medium Nessus Plugin ID 21215

Language:

Synopsis

The remote web server contains a PHP application that is affected by an information disclosure flaw.

Description

The remote host is running Clever Copy, a free web portal written in PHP.

The version of Clever Copy installed on the remote host fails to limit access to the 'admin/connect.inc' include file, which contains information used by the application to connect to a database. An unauthenticated attacker can view the contents of this file using a simple GET command and use the information to launch other attacks against the affected host.

Solution

Limit access to Clever Copy's admin directory using, say, a .htaccess file.

See Also

http://www.nessus.org/u?c952ae9c

Plugin Details

Severity: Medium

ID: 21215

File Name: clevercopy_info_disclosure.nasl

Version: 1.21

Type: remote

Family: CGI abuses

Published: 4/12/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.0

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 4/7/2006

Reference Information

CVE: CVE-2006-1718

BID: 17461