Detections
Analytics

PHP-Fusion extract() Global Variable Overwriting

low Nessus Plugin ID 22316

Language:

Synopsis

The remote web server hosts a PHP script that is affected by a variable overwriting flaw.

Description

The version of PHP-Fusion on the remote host supports registering variables from user-supplied input in the event that PHP's 'register_globals' setting is disabled, which is the default in current versions of PHP. Unfortunately, the way that this has been implemented in the version on the remote host does not restrict the variables that can be registered. Consequently, an unauthenticated, remote attacker can leverage this flaw to launch various attacks against the affected application.

Solution

Upgrade to version 6.01.5 or later.

See Also

http://www.nessus.org/u?27bfc08c

https://www.securityfocus.com/archive/1/445480/30/0/threaded

https://www.php-fusion.co.uk/infusions/news/news.php?readmore=353

Plugin Details

Severity: Low

ID: 22316

File Name: php_fusion_extract_sql_injections.nasl

Version: 1.25

Type: remote

Family: CGI abuses

Published: 9/8/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 2

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:php_fusion:php_fusion

Required KB Items: www/PHP, www/php_fusion

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 9/2/2006

Vulnerability Publication Date: 9/7/2006

Reference Information

CVE: CVE-2006-4673

BID: 19908, 19910