Campsite TinyMCE plugin 'attachments.php' 'article_id' Parameter SQL Injection

high Nessus Plugin ID 46237

Synopsis

The remote web server hosts a PHP application that is vulnerable to a SQL injection attack.

Description

The version of Campsite installed on the remote host fails to properly sanitize user-supplied input to the 'article_id' parameter of the 'javascript/tinymce/plugins/campsiteattachment/attachments.php' script.

An unauthenticated, remote attacker can leverage this issue to launch a SQL injection attack against the affected application, leading to authentication bypass, discovery of sensitive information, attacks against the underlying database, and the like.

Solution

Apply the vendor-supplied patch.

See Also

http://www.nessus.org/u?709361da

http://www.nessus.org/u?41e2e832

Plugin Details

Severity: High

ID: 46237

File Name: campsite_tinymce_attachment_sql_injection.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 5/5/2010

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:campware.org:campsite

Required KB Items: www/PHP, www/campsite

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Patch Publication Date: 4/30/2010

Vulnerability Publication Date: 5/1/2010

Reference Information

CVE: CVE-2010-1867

BID: 39862

SECUNIA: 39580