Detections
Analytics

ADOdb tmssql.php do Parameter Arbitrary PHP Function Execution

high Nessus Plugin ID 20384

Language:

Synopsis

The remote web server has a PHP script that allows execution of arbitrary code.

Description

The remote host is running ADOdb, a database abstraction library for PHP.

The installed version of ADOdb includes a test script named 'tmssql.php' that fails to sanitize user input to the 'do' parameter before using it execute PHP code. An attacker can exploit this issue to execute arbitrary PHP code on the affected host subject to the permissions of the web server user id.

Solution

Remove the test script or upgrade to ADOdb version 4.70 or higher.

See Also

https://secuniaresearch.flexerasoftware.com/community/research/

http://www.nessus.org/u?540d6007

Plugin Details

Severity: High

ID: 20384

File Name: adodb_do_cmd_execution.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 1/10/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP, Settings/ThoroughTests

Excluded KB Items: Settings/disable_cgi_scanning

Vulnerability Publication Date: 1/9/2006

Reference Information

CVE: CVE-2006-0147