Artica mailattach Parameter Directory Traversal

high Nessus Plugin ID 50325

Synopsis

The remote web server contains a web application that is susceptible to a directory traversal attack.

Description

The installed version of Artica fails to sanitize user-supplied input to the 'mailattach' parameter of the 'images.listener.php' scrip. By prefixing directory traversal strings such as '../' to the 'mailattach' parameter a remote, unauthenticated attacker could exploit this vulnerability to read arbitrary files from the remote system.

Although Nessus has not checked for them, the installed version is also likely to be affected by several other vulnerabilities, including information disclosure, cross-site scripting, SQL injection and directory traversal.

Solution

Upgrade to Artica v1.4.092916 or later.

See Also

http://www.nessus.org/u?608c90db

http://www.artica.fr/forum/viewtopic.php?f=11&t=2734

Plugin Details

Severity: High

ID: 50325

File Name: artica_mailattach_dir_traversal1.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 10/25/2010

Updated: 1/19/2021

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: www/lighttpd, www/artica

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/30/2010

Vulnerability Publication Date: 9/30/2010

Reference Information

BID: 43613

Secunia: 41675