Detections
Analytics

CafeLog B2 Multiple Script Remote File Inclusion

high Nessus Plugin ID 11667

Language:

Synopsis

The remote host is running a web application that is affected by a remote file include vulnerability.

Description

The remote web server is running CafeLog, a blogging application written in PHP. The 'blogger-2-b2.php' and 'gm-2-b2.php' scripts are affected by a flaw that could allow an attacker to inject code. An attacker could exploit this to execute arbitrary code on the remote host subject to the privileges of the affected web server.

Solution

There is no known solution at this time.

See Also

https://seclists.org/bugtraq/2003/May/317

Plugin Details

Severity: High

ID: 11667

File Name: b2cafelog_command_injection.nasl

Version: 1.26

Type: remote

Family: CGI abuses

Published: 5/29/2003

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: No cve available for this vulnerability.

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 8.3

Temporal Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:H/RL:W/RC:X

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7738