CGI Generic Local File Inclusion

medium Nessus Plugin ID 42056

Synopsis

Confidential data may be disclosed on this server.

Description

The remote web server hosts CGI scripts that fail to adequately sanitize request strings. By leveraging this issue, an attacker may be able to include a local file and disclose its contents.

Solution

Restrict access to the vulnerable application. Contact the vendor for a patch or upgrade.

See Also

https://en.wikipedia.org/wiki/Remote_File_Inclusion

Plugin Details

Severity: Medium

ID: 42056

File Name: torture_cgi_local_file_inclusion.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 10/7/2009

Updated: 4/7/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: Settings/enable_web_app_tests

Reference Information

CWE: 473, 632, 714, 727, 73, 78, 928, 929, 98