Caldera 'cdir' Parameter Absolute Path Directory Traversal

Severity: Medium, Nessus Plugin ID 74325

Synopsis

The remote web server hosts a PHP script that is affected by a directory traversal vulnerability.

Description

The Caldera installation on the remote host contains a PHP script that is affected by a directory traversal vulnerability. A remote, unauthenticated attacker can exploit this issue by sending a crafted request to the '/dirmng/index.php' script, allowing access to arbitrary directories on the remote host.

Note that the application is also reportedly affected by a command injection vulnerability, multiple variable injection vulnerabilities, and multiple SQL injection vulnerabilities; however, Nessus has not tested for these issues.

Solution

There is no known solution at this time.

Plugin Details

Severity: Medium

ID: 74325

File Name: caldera_9_20_dir_traversal.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 6/5/2014

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:caldera:caldera

Required KB Items: www/PHP, www/caldera_web

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 5/7/2014

Reference Information

CVE: CVE-2014-2933

BID: 67258

CERT: 693092