Artica < 1.4.101900 mailattach Parameter Directory Traversal

high Nessus Plugin ID 50326

Synopsis

The remote web server contains a web application that is susceptible to a directory traversal attack.

Description

The installed version of Artica fails to sanitize user-supplied input to the 'mailattach' parameter of the 'images.listener.php' script. By prefixing directory traversal strings such as '....//' to the 'mailattach' parameter a remote, unauthenticated attacker could exploit this vulnerability to read arbitrary files from the remote system.

Solution

Upgrade to Artica v1.4.101900 or later.

See Also

http://www.artica.fr/index.php/get-a-download-artica/nightly-builds

Plugin Details

Severity: High

ID: 50326

File Name: artica_mailattach_dir_traversal2.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 10/25/2010

Updated: 1/19/2021

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: www/lighttpd, www/artica

Excluded KB Items: Settings/disable_cgi_scanning

Patch Publication Date: 10/19/2010

Vulnerability Publication Date: 10/19/2010