PerlDesk pdesk.cgi lang Parameter Traversal Arbitrary File Access

medium Nessus Plugin ID 14733

Synopsis

It is possible to read arbitrary files from the remote system.

Description

The remote host is running PerlDesk, a web-based help desk and email management application written in Perl.

There is a file inclusion issue in the remote version of this software that may allow an attacker to read fragments of arbitrary files on the remote host and to execute arbitrary Perl scripts, provided that the attacker is able to upload a script in the first place.

Solution

Upgrade to the latest version of this software.

Plugin Details

Severity: Medium

ID: 14733

File Name: perldesk_script_exec.nasl

Version: 1.14

Type: remote

Family: CGI abuses

Published: 9/15/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Ease: No exploit is required

Vulnerability Publication Date: 9/12/2004

Reference Information

CVE: CVE-2004-1678

BID: 11160