Blueshoes GoogleSearch.php APP[path][lib] Parameter Remote File Inclusion

medium Nessus Network Monitor Plugin ID 3793

Synopsis

The remote host is vulnerable to a file-include injection flaw.

Description

The remote host is running the Blueshoes framework, a PHP framework for creating web applications. This version of Blueshoes is vulnerable to a flaw in the GoogleSearch.php script. An attacker exploiting this flaw would be able to execute arbitrary PHP code on the target server. Successful exploitation would give the attacker the same rights as the web process.

Solution

No solution is known at this time.

See Also

http://www.blueshoes.org

Plugin Details

Severity: Medium

ID: 3793

Family: CGI

Published: 10/11/2006

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 4.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:W/RC:X

Vulnerability Information

CPE: cpe:/a:blueshoes:blueshoes_framework

Reference Information

CVE: CVE-2006-5250

BID: 20450