Upload Lite upload.cgi Arbitrary File Upload

high Nessus Plugin ID 11359

Synopsis

The remote web server contains a CGI script that may allow arbitrary uploads.

Description

The Upload Lite (upload.cgi) CGI script is installed. This script has a well-known security flaw that lets anyone upload arbitrary files on the remote web server.

Note that Nessus did not test whether uploads are possible, only that the script exists.

Solution

Remove the affected script.

Plugin Details

Severity: High

ID: 11359

File Name: upload_lite_cgi.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 3/12/2003

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7051

Detections

Analytics