vpopmail-CGIApps vpasswd.cgi Remote Command Execution

critical Nessus Plugin ID 11165

Synopsis

The remote host has a CGI installed that allows arbitrary code execution on the remote system.

Description

The 'vpasswd.cgi' CGI is installed. Some versions do not properly check for special characters and allow an attacker to execute any command on your system.

Warning: Nessus relied solely on the presence of this CGI; it did not determine whether your specific version is vulnerable to that problem.

Solution

Remove it from /cgi-bin.

Plugin Details

Severity: Critical

ID: 11165

File Name: vpasswd_cgi.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 11/25/2002

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 10/24/2002

Reference Information

BID: 6038