Detections
Analytics
Horde < 3.1 go.php url Parameter File Disclosure
medium Nessus Network Monitor Plugin ID 3477
Synopsis
The remote web server contains a PHP application that is affected by an information disclosure flaw.Description
The remote web server contains a PHP application that is affected by an information disclosure flaw. The version of Horde installed on the remote host fails to validate input to the 'url' parameter of the 'services/go.php' script before using it to read files and return their contents. An unauthenticated attacker may be able to leverage this issue to retrieve the contents of arbitrary files on the affected host subject to the privileges of the web server user ID. This can result in the disclosure of authentication credentials used by the affected application as well as other sensitive information. Note that successful exploitation of this issue seems to require that PHP's 'magic_quotes_gpc' be disabled, although this has not been confirmed by the vendor.Solution
Upgrade to version 3.1 or higher.Plugin Details
Severity: Medium
ID: 3477
Family: CGI
Published: 3/16/2006
Updated: 3/6/2019
Nessus ID: 21081
Risk Information
VPR
Risk Factor: Medium
Score: 4.2
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 4.1
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Temporal Score: 4.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:horde:horde_application_framework
Reference Information
CVE: CVE-2006-1260
BID: 17117