ModernBill <= 4.3.0 Multiple Vulnerabilities

medium Nessus Plugin ID 18008

Synopsis

The remote web server contains a PHP application that suffers from multiple vulnerabilities.

Description

The version of ModernBill installed on the remote host is subject to multiple vulnerabilities:

- A Remote File Include Vulnerability: The application fails to sanitize the parameter 'DIR' before using it in the script 'news.php'. An attacker can exploit this flaw to browse or execute arbitrary files on the remote host. Further, if PHP's 'allow_url_fopen' setting is enabled, files to be executed can even come from a web server under the attacker's control.

- Multiple Cross-Site Scripting Vulnerabilities: An attacker can inject arbitrary HTML and script code via the parameters 'c_code' and 'aid' in the script 'orderwiz.php' in order to steal cookie-based authentication credentials for the remote host or launch other such attacks.
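Added example (not from the Nessus plugin or from ModernBill): a web access log check that flags requests matching the two issues described above, using the script and parameter names from the description. The combined log format, the `/modernbill/` path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script -> parameter -> issue, taken from the advisory text.
WATCH = {"news.php": {"DIR": "file-include"},
         "orderwiz.php": {"c_code": "xss", "aid": "xss"}}
# Request field of a combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# DIR values leaving the application tree: URL scheme, traversal, absolute path, NUL.
INCLUDE_RE = re.compile(r"^[a-z][a-z0-9+.-]*://|\.\.[/\\]|^[/\\]|\x00", re.I)
# Markup in parameters that should only carry short codes or ids.
XSS_RE = re.compile(r"[<>\"']|javascript:|\bon\w+\s*=", re.I)

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Apr/2005:10:00:00 +0000] "GET /modernbill/news.php?DIR=http%3A%2F%2Fexample.invalid%2F HTTP/1.1" 200 512',
    '192.0.2.11 - - [11/Apr/2005:10:00:05 +0000] "GET /modernbill/orderwiz.php?c_code=%253Cb%253E&aid=7 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [11/Apr/2005:10:00:09 +0000] "GET /modernbill/orderwiz.php?aid=42 HTTP/1.1" 200 2048',
]

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalized."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return (script, parameter, issue) tuples for one access log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    script = url.path.rsplit("/", 1)[-1]
    query = parse_qs(url.query, keep_blank_values=True)  # decodes once
    findings = []
    for param, issue in WATCH.get(script, {}).items():
        pattern = INCLUDE_RE if issue == "file-include" else XSS_RE
        if any(pattern.search(decode(raw)) for raw in query.get(param, [])):
            findings.append((script, param, issue))
    return findings

def scan_log(lines):
    """Map 1-based line numbers to findings, skipping clean lines."""
    return {n: f for n, line in enumerate(lines, 1) if (f := scan_line(line))}

if __name__ == "__main__":
    for lineno, hits in scan_log(SAMPLE_LOG).items():
        print(lineno, hits)
```

Access logs normally record only the query string, so parameters sent in a POST body are not visible to this check.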

Solution

Upgrade to ModernBill 4.3.1 or later.

See Also

http://www.gulftech.org/?node=research&article_id=00067-04102005

https://seclists.org/bugtraq/2005/Apr/135

http://www.moderngigabyte.com/modernbill/forums/showthread.php?t=20520

Plugin Details

Severity: Medium

ID: 18008

File Name: modernbill_4_3_0.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 4/11/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 4/10/2005

Reference Information

CVE: CVE-2005-1053, CVE-2005-1054

BID: 13086, 13087, 13089

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990