Help Center Live Multiple Vulnerabilities (SQLi, XSS, CSRF)

medium Nessus Plugin ID 18296

Synopsis

The remote web server contains a PHP application that suffers from multiple vulnerabilities.

Description

The remote host is running Help Center Live, a help desk written in PHP that suffers from multiple vulnerabilities:

- Multiple SQL Injection Vulnerabilities. The application fails in many cases to sanitize user-supplied input before using it in database queries. As long as PHP's 'magic_quotes_gpc' setting is 'off', an attacker can exploit these flaws to uncover sensitive information such as user names and password hashes.

- Multiple Cross-Site Scripting Vulnerabilities. There are several ways that an attacker can inject arbitrary HTML and script code into a user's browser via the affected application. By exploiting them, an attacker can not only steal cookies but also cause a logged-in admin to perform arbitrary requests.

- A Cross-Site Request Forgery issue was reported in view.php.

Solution

Contact the vendor for a patch.

See Also

http://www.nessus.org/u?6d22c288

Plugin Details

Severity: Medium

ID: 18296

File Name: hcl_mult_vulns.nasl

Version: 1.23

Type: remote

Family: CGI abuses

Published: 5/18/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 5/17/2005

Reference Information

CVE: CVE-2005-1672, CVE-2005-1673, CVE-2005-1674

BID: 13666, 13667

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990