Shop-Script admin.php Admin Panel Security Bypass

high Nessus Plugin ID 26065

Synopsis

The remote web server contains a PHP application that is affected by an authentication bypass vulnerability.

Description

The remote host is running Shop-Script, a shopping cart software application written in PHP.

The version of Shop-Script installed on the remote host fails to halt execution of the script 'admin.php' if an attacker is not authenticated. The attacker could then effectively bypass the authentication check and gain control of the application.

Note that the application is also likely affected by another vulnerability that allows for arbitrary code execution by means of specially crafted changes to the application's Appearance configuration settings, although Nessus has not checked for this.

By leveraging these two issues, an unauthenticated, remote attacker would probably be able to execute arbitrary code on the affected host subject to the privileges of the web server user id.
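The failure to halt execution described above, shown next to a corrected check. This is an added example in hypothetical PHP, not Shop-Script's own code: the session key `is_admin`, the function names and the assumption that the check answers with a redirect to `login.php` are all illustrative.

```php
<?php
// Added illustration; hypothetical code, not taken from Shop-Script.
// The 'is_admin' session key and every function name are assumptions.

ob_start(); // buffer output so headers can still be set during this demo

// Vulnerable pattern: an unauthenticated client is answered with a
// redirect, but control returns to the caller and the page keeps running.
function guard_without_halt(array $session): void
{
    if (empty($session['is_admin'])) {
        header('Location: login.php');
        // Missing exit: header() only queues a response header.
    }
}

// Hardened pattern: deny and stop. Nothing after the guard executes.
function guard_with_halt(array $session): void
{
    if (empty($session['is_admin'])) {
        http_response_code(403);
        exit("Forbidden\n");
    }
}

// Stand-in for an admin script: run the guard, then do privileged work.
function admin_page(callable $guard, array $session): void
{
    $guard($session);
    echo "admin action executed\n";
}

$anonymous = []; // constructed session with no admin flag

// The guard returns, so the privileged code below it still runs.
admin_page('guard_without_halt', $anonymous);

// The guard terminates the script before the privileged code is reached.
admin_page('guard_with_halt', $anonymous);
```

When reviewing PHP code for this pattern, treat every `header('Location: ...')` inside an access check that is not immediately followed by `exit` or `die` as a finding.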

Solution

Unknown at this time.

Plugin Details

Severity: High

ID: 26065

File Name: shop_script_admin_bypass.nasl

Version: 1.21

Type: remote

Family: CGI abuses

Published: 9/19/2007

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Reference Information

CVE: CVE-2007-4932

BID: 25695

CWE: 20