Viralator CGI Script Arbitrary Command Execution

high Nessus Plugin ID 11107

Synopsis

The remote host has an application that may allow arbitrary code execution on the remote system.

Description

The CGI 'viralator.cgi' is installed. Some versions of this CGI do not properly check user input and allow anyone to execute arbitrary commands with the privileges of the web server.

** No flaw was tested. Your script might be a safe version.

Solution

Upgrade this script to version 0.9pre2 or later.

Plugin Details

Severity: High

ID: 11107

File Name: viralator.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 8/22/2002

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Ease: No exploit is required

Vulnerability Publication Date: 11/1/2001

Reference Information

CVE: CVE-2001-0849

BID: 3495