e107 db.php User Database Disclosure

medium Nessus Plugin ID 11805

Synopsis

The remote web server hosts a PHP application that suffers from an information disclosure flaw.

Description

The version of e107 installed on the remote host is affected by an information disclosure vulnerability caused by a flaw in the 'admin/db.php' script. By sending a specially crafted request, an unauthenticated, remote attacker can obtain a dump of the SQL database used by e107. An attacker may use this flaw to obtain the MD5 password hashes of the web site's users.

Note that the vendor claims the db_dump code requires admin credentials; however, Nessus was able to exploit this issue without authentication.

Solution

Upgrade to version 0.600 or later.

See Also

https://www.securityfocus.com/archive/1/330332

https://seclists.org/bugtraq/2003/Jul/62

https://e107.org/print.php?news.392

Plugin Details

Severity: Medium

ID: 11805

File Name: e107_db_dump.nasl

Version: 1.28

Type: remote

Family: CGI abuses

Published: 7/24/2003

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:e107:e107

Required KB Items: www/e107

Exploit Available: true

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 8/4/2003

Vulnerability Publication Date: 7/24/2003

Reference Information

BID: 8273