Synopsis
The remote web server contains a PHP application that is affected by an information disclosure vulnerability.
Description
The version of Simple PHP Blog installed on the remote host allows an unauthenticated, remote attacker to retrieve information about non-admin users defined to the application, including their user names and password hashes, which could in turn be used to gain access to the application.
While these users do not have administrative access to the application, they may have the ability to moderate comments, delete blog entries, or edit entries. They may also have the ability to execute arbitrary code by leveraging a vulnerability involving uploading of 'emoticons', although Nessus has not tested this issue.
Solution
Unknown at this time.
Plugin Details
File Name: sphpblog_users_disclosure.nasl
Configuration: Enable thorough checks
Supported Sensors: Nessus
Vulnerability Information
Required KB Items: www/sphpblog
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: Exploits are available
Exploited by Nessus: true
Reference Information
BID: 30857