Directory Manager edit_image.php Arbitrary Command Execution

Severity: High, Nessus Plugin ID: 11104

Synopsis

The web application running on the remote host has a command execution vulnerability.

Description

Directory Manager is installed and does not properly filter user input.
A remote attacker may use this flaw to execute arbitrary commands.

Solution

Upgrade your software or firewall your web server.

See Also

https://seclists.org/bugtraq/2001/Sep/49

Plugin Details

Severity: High

ID: 11104

File Name: directory_manager.nasl

Version: 1.25

Type: remote

Family: CGI abuses

Published: 8/22/2002

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 9/5/2001

Reference Information

CVE: CVE-2001-1020

BID: 3288