Detections
Analytics
@lex Guestbook livre_include.php chem_absolu Parameter Remote File Inclusion
high Nessus Plugin ID 14830
Language:
Synopsis
The remote host is running a web application that is affected by a remote file inclusion vulnerability.Description
The remote host seems to be running @lex guestbook, a guestbook web application written in PHP.The reported version may permit remote attackers, without prior authentication, to include and execute malicious PHP scripts. By modifying the 'chem_absolu' parameter of the 'livre_include.php' script, it is possible to cause arbitrary PHP code to be executed on the remote system.
Solution
There is no known solution at this time.See Also
https://www.securityfocus.com/archive/1/376627/30/0/threaded
Plugin Details
Severity: High
ID: 14830
File Name: atlex_guestbook_file_include.nasl
Version: 1.22
Type: remote
Family: CGI abuses
Published: 9/27/2004
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2004-1554
CVSS v3
Risk Factor: High
Base Score: 8.3
Temporal Score: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: No exploit is required
Vulnerability Publication Date: 9/28/2004
Reference Information
CVE: CVE-2004-1554
BID: 11260
Secunia: 12679