PHP Topsites counter.php count_log_file Parameter Arbitrary File Overwrite

medium Nessus Plugin ID 11611

Synopsis

A web application running on the remote host has a file overwrite vulnerability.

Description

The remote host has the CGI 'counter.php' installed.

This CGI contains a flaw that can be abused by an attacker to overwrite arbitrary files on the system with the privileges of the web server.

Solution

Remove this CGI from the web server.

Plugin Details

Severity: Medium

ID: 11611

File Name: counter_php_file_overwrite.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 5/9/2003

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning