Detections
Analytics

php-Charts wizard/index.php PHP Execution

high Nessus Plugin ID 67174

Language:

Synopsis

The remote web server hosts an application that allows arbitrary PHP code execution.

Description

The php-Charts install hosted on the remote web server contains a flaw that could allow arbitrary PHP code execution. Input passed to the 'wizard/index.php' script is not properly sanitized before being used in an eval() call. An unauthenticated, remote attacker could leverage this vulnerability to execute arbitrary PHP code on the remote host.

Solution

Unknown at this time.

See Also

http://www.php-charts.com

Plugin Details

Severity: High

ID: 67174

File Name: php_charts_wizard_type_code_exec.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 7/3/2013

Updated: 11/22/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Vulnerability Information

CPE: x-cpe:/a:php_charts:php_charts

Required KB Items: www/php-charts

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 5/17/2013

Exploitable With

Metasploit (PHP-Charts v1.0 PHP Code Execution Vulnerability)

Reference Information

BID: 57448