Detections
Analytics
e107 download.php extract() Function Variable Overwrite
high Nessus Plugin ID 33856
Language:
Synopsis
The remote web server contains a PHP application that is affected by variable overwriting vulnerability.Description
The version of e107 installed on the remote host contains an unsafe call to 'extract()' in the 'download.php' script. An unauthenticated, remote attacker can leverage this issue to overwrite arbitrary PHP variables, leading to arbitrary PHP code execution, SQL injection, as well as other sorts of attacks.Solution
Upgrade to version 0.7.12 or later.See Also
http://www.nessus.org/u?0f612ec9
http://old.e107.org/e107_plugins/bugtrack/changelog.php?0712
Plugin Details
Severity: High
ID: 33856
File Name: e107_extract_var_overwriting.nasl
Version: 1.22
Type: remote
Family: CGI abuses
Published: 8/10/2008
Updated: 6/5/2024
Configuration: Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Vulnerability Information
CPE: cpe:/a:e107:e107
Required KB Items: www/e107
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Patch Publication Date: 8/25/2008
Vulnerability Publication Date: 8/7/2008
Reference Information
BID: 30601