DCP-Portal lib.php root Parameter Remote File Inclusion

high Nessus Plugin ID 11476

Synopsis

An application running on the remote web server has a remote file include vulnerability.

Description

DCP-Portal has a remote file include vulnerability. A remote attacker could exploit this to execute arbitrary PHP code in the context of the web server.

Solution

There is no known solution at this time. It appears this application has not been actively maintained for several years.

See Also

https://www.securityfocus.com/archive/1/305358

Plugin Details

Severity: High

ID: 11476

File Name: dcp_portal_injection.nasl

Version: 1.25

Type: remote

Family: CGI abuses

Published: 3/26/2003

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: No CVE available for this vulnerability.

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 8.3

Temporal Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 1/4/2003

Reference Information

BID: 6525

Secunia: 7834