Detections
Analytics
e107 ePing Plugin doping.php Arbitrary Code Execution
high Nessus Plugin ID 18461
Language:
Synopsis
The remote web server hosts a PHP script that is prone to arbitrary command execution.Description
The installation of e107 on the remote host includes a version of the ePing plugin that is affected by a command execution vulnerability. This plugin fails to sanitize the 'eping_cmd', 'eping_count' and/or 'eping_host' parameters of the 'doping.php' script before using them in a system() call. An attacker can exploit this flaw to execute arbitrary shell commands subject to the privileges of the userid under which the affected application runs.Solution
Upgrade to ePing plugin version 1.03 or later.See Also
https://www.securityfocus.com/archive/1/401862/30/0/threaded
https://www.securityfocus.com/archive/1/407475/30/0/threaded
Plugin Details
Severity: High
ID: 18461
File Name: e107_eping_code_execution.nasl
Version: 1.25
Type: remote
Family: CGI abuses
Published: 6/10/2005
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.5
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:e107:e107
Required KB Items: www/e107
Exploit Available: true
Exploit Ease: No exploit is required
Vulnerability Publication Date: 6/10/2005
Reference Information
CVE: CVE-2005-2559
BID: 13929