AtomicBoard Multiple Remote Vulnerabilities (Traversal, Path Disc)

medium Nessus Plugin ID 11795

Synopsis

The remote web server is hosting a web application that is affected by a directory traversal vulnerability.

Description

The remote host is running AtomicBoard, a weblog and message board system written in PHP.

A directory traversal vulnerability exists in the 'location' parameter of the 'index.php' file. An attacker could exploit this to read arbitrary files, subject to the privileges of the web server process.

Note that it may also be possible to disclose the server path of the AtomicBoard application by supplying a malformed argument to the 'location' variable, though Nessus has not tested for this.

Solution

There is no known solution at this time.

See Also

https://www.securityfocus.com/archive/1/329775/30/0/threaded

Plugin Details

Severity: Medium

ID: 11795

File Name: atomicboard_file_read.nasl

Version: 1.21

Type: remote

Family: CGI abuses

Published: 7/21/2003

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 8236