PHPix album Parameter Encoded Traversal Arbitrary File/Directory Access

medium Nessus Plugin ID 10574

Synopsis

Arbitrary files can be read on the remote host.

Description

The PHPix program allows an attacker to read arbitrary files on the remote web server by prefixing the pathname of the file with ..%2F..%2F..

For example:

GET /Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0

will return all the files nested within the /etc directory.
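
A log check for the request pattern described above, as an added example (not part of the Nessus plugin or of PHPix). It assumes access logs in common log format; the sample lines, function names and the decoding-round limit are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jan/2021:10:00:00 +0000] "GET /Album/?mode=album'
    '&album=holiday2020&dispsize=640&start=0 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [19/Jan/2021:10:00:05 +0000] "GET /Album/?mode=album'
    '&album=..%2F..%2F..%2Fetc&dispsize=640&start=0 HTTP/1.1" 200 9000',
    # Double-encoded separator: one decode round still leaves %2F in the value.
    '192.0.2.12 - - [19/Jan/2021:10:00:09 +0000] "GET /Album/?mode=album'
    '&album=..%252F..%252Fetc&dispsize=640&start=0 HTTP/1.1" 200 9000',
    # Benign: ".." appears inside a name, not as a whole path segment.
    '192.0.2.13 - - [19/Jan/2021:10:00:12 +0000] "GET /Album/?mode=album'
    '&album=trips%2Fparis..2019&dispsize=640&start=0 HTTP/1.1" 200 4096',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def album_traversal(request_target):
    """Return the decoded album value if it has a '..' path segment, else None."""
    query = urlsplit(request_target).query
    # parse_qs already performs the first decoding round.
    for raw in parse_qs(query, keep_blank_values=True).get("album", []):
        decoded = fully_decode(raw)
        if ".." in re.split(r"[/\\]", decoded):
            return decoded
    return None

def scan(lines):
    """Return (client_ip, decoded_album) for each request that matches."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match:
            decoded = album_traversal(match.group(1))
            if decoded is not None:
                hits.append((line.split()[0], decoded))
    return hits

if __name__ == "__main__":
    for ip, album in scan(SAMPLE_LOG):
        print(f"{ip} requested album={album!r}")
```

The same segment check, applied to the decoded value before it is joined to the album root, is also the input validation a fixed release needs.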

Solution

Contact your vendor for the latest software release.

Plugin Details

Severity: Medium

ID: 10574

File Name: phpix.nasl

Version: 1.26

Type: remote

Family: CGI abuses

Published: 12/11/2000

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:phpix:phpix

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 10/7/2000

Reference Information

CVE: CVE-2000-0919

BID: 1773