Detections
Analytics
XOOPS xoopsConfig Parameter Variable Overwrite Local File Inclusion
medium Nessus Plugin ID 21581
Language:
Synopsis
The remote web server contains a PHP application that is vulnerable to local file include attacks.Description
The version of XOOPS installed on the remote host allows an unauthenticated attacker to skip processing of the application's 'include/common.php' script and thereby to gain control of the variables '$xoopsConfig[language]' and '$xoopsConfig[theme_set]', which are used by various scripts to include PHP code from other files. Successful exploitation of these issues requires that PHP's 'register_globals' setting be enabled and can be used to view arbitrary files or to execute arbitrary PHP code on the remote host, subject to the privileges of the web server user id.Solution
Unknown at this time.See Also
https://www.securityfocus.com/archive/1/434698/30/0/threaded
Plugin Details
Severity: Medium
ID: 21581
File Name: xoops_nocommon_file_include.nasl
Version: 1.16
Type: remote
Family: CGI abuses
Published: 5/23/2006
Updated: 6/1/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.0
CVSS v2
Risk Factor: Medium
Base Score: 5.1
Temporal Score: 4
Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P
Vulnerability Information
Required KB Items: www/xoops
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Vulnerability Publication Date: 5/21/2006
Reference Information
CVE: CVE-2006-2516
BID: 18061