W-Agora < 4.2.1 index.php site Parameter Traversal Arbitrary File Access

low Nessus Network Monitor Plugin ID 3171

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running W-Agora, a web-based forum management software written in PHP. This version of Agora is vulnerable to a flaw in the way that it handles the 'site' parameter of the index.php script. An attacker exploiting this flaw can supply a directory outside of the web root. Successful exploitation would allow the remote attacker the ability to peruse potentially confidential files outside of the web root (such as /etc/passwd or similar). In addition, the software is vulnerable to several other remote cross-site-scripting (XSS) and script injection flaws. Finally, the application is vulnerable to a multiple 'file include' flaws. An attacker exploiting this flaw would be able to execute arbitrary PHP script code on the W-Agora system. Executed scripts would have the permissions of the webserver process.

Solution

Upgrade to version 4.2.1 or higher.

See Also

http://w-agora.net

Plugin Details

Severity: Low

ID: 3171

Family: Web Servers

Published: 8/18/2005

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:w-agora:w-agora

Reference Information

CVE: CVE-2005-2648, CVE-2006-2228

BID: 14597, 15110, 17751, 18601