Vortex Portal Content Management System Multiple Remote File Inclusion

low Nessus Network Monitor Plugin ID 2745

Synopsis

The remote host is vulnerable to a script injection attack.

Description

The remote host is running Vortex Portal, a content-management system for gaming. This version of Vortex is vulnerable to an 'include' file injection attack. Specifically, the 'act' variable of 'content.php' and 'index.php' is not properly sanitized by the Vortex application. An attacker exploiting this flaw would be able to include arbitrary malicious code within a URI. The attacker would then need to be able to convince a client to browse to the URI. A successful attack would result in the client browser executing malicious code within the context of the Vortex application.

Solution

Ensure that this application is allowed within corporate policies and guidelines.

Plugin Details

Severity: Low

ID: 2745

Family: CGI

Published: 3/23/2005

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:vortex_portal:vortex_portal

Reference Information

CVE: CVE-2005-0879

BID: 12878

Detections

Analytics