PHP-Nuke Network Tools Add-On Arbitrary Command Execution

high Nessus Plugin ID 11106

Synopsis

The remote service is vulnerable to an access control breach.

Description

It is possible to make the remote host execute arbitrary commands through the PHP-Nuke add-on called 'Network Tools'.

An attacker may use this flaw to gain a shell on this system.

Solution

Upgrade to NetTools 0.3 or newer.

Plugin Details

Severity: High

ID: 11106

File Name: nettools_cmd_exec.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 8/22/2002

Updated: 5/12/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:php-nuke:php-nuke

Excluded KB Items: Settings/disable_cgi_scanning

Vulnerability Publication Date: 11/17/2001

Reference Information

CVE: CVE-2001-0899