PHP-Ping index.php pingto Parameter Arbitrary Code Execution

Nessus Plugin ID 11324 (severity: high)

Synopsis

Arbitrary commands may be run on the remote host.

Description

It is possible to make the remote host execute arbitrary DOS commands through the phpping CGI (the pingto parameter of index.php).

An attacker may use this flaw to gain a shell with the privileges of the web server.

Solution

See http://www.nessus.org/u?1ed5dd75, or contact the vendor for a patch.

Plugin Details

Severity: High

ID: 11324

File Name: phpping_code_execution.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 3/6/2003

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:theworldsend.net:php-ping

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning