webadmin.php show Parameter Arbitrary File Access

high Nessus Plugin ID 18586

Synopsis

It is possible to read arbitrary files on the remote host.

Description

webadmin.php was found on your web server. In its current configuration, this file manager CGI gives anyone access to the entire filesystem of the machine.

Solution

Restrict access to this CGI or remove it.

Plugin Details

Severity: High

ID: 18586

File Name: unprotected_webadmin_php.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 6/29/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning