phpwcms 1.2.5 Multiple Vulnerabilities

medium Nessus Plugin ID 20216

Synopsis

The remote web server contains a PHP application that is affected by multiple vulnerabilities.

Description

The remote host is running phpwcms, an open source content management system written in PHP.

The version of phpwcms installed on the remote host does not sanitize input to the 'form_lang' parameter of the 'login.php' script before using it in PHP 'include()' functions. An unauthenticated attacker can exploit this issue to read local files and potentially to execute arbitrary PHP code from local files. A similar issue affects the 'imgdir' parameter of the 'img/random_image.php' script, although that can only be used to read local files.

In addition, the application fails to sanitize user-supplied input before using it in dynamically-generated pages, which can be used to conduct cross-site scripting and HTTP response splitting attacks.
Some of these issues require that PHP's 'register_globals' setting be enabled.
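With no vendor fix listed, one way to look for attempts against the two file-inclusion parameters is to review web access logs. The following is an added example, not part of the Nessus plugin or of phpwcms; the log format (Apache combined), the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script/parameter pairs named in the plugin description.
WATCHED = {"login.php": "form_lang", "img/random_image.php": "imgdir"}

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %252e -> %2e -> .)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(value):
    """True if the value could steer a file path out of its intended directory."""
    v = fully_decode(value).replace("\\", "/")
    return ".." in v.split("/") or v.startswith("/")

def scan(lines):
    """Return (line_number, script, parameter, decoded_value) for each hit.

    Only the query string is visible in access logs; with register_globals
    enabled the same variable can also arrive in a POST body or cookie.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        for script, param in WATCHED.items():
            if not url.path.endswith("/" + script):
                continue
            for key, value in parse_qsl(url.query, keep_blank_values=True):
                if key == param and is_suspicious(value):
                    hits.append((n, script, param, fully_decode(value)))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '203.0.113.5 - - [16/Nov/2005:10:00:00 +0000] "GET /phpwcms/login.php?form_lang=en HTTP/1.1" 200 512',
    '203.0.113.9 - - [16/Nov/2005:10:00:05 +0000] "GET /phpwcms/login.php?form_lang=..%2f..%2f..%2ftmp%2fx HTTP/1.1" 200 90',
    '203.0.113.9 - - [16/Nov/2005:10:00:09 +0000] "GET /phpwcms/img/random_image.php?imgdir=%252e%252e%2f%252e%252e%2fconfig HTTP/1.1" 200 77',
    '203.0.113.5 - - [16/Nov/2005:10:01:00 +0000] "GET /phpwcms/img/random_image.php?imgdir=gallery HTTP/1.1" 200 4096',
]
```

Calling scan(SAMPLE) flags lines 2 and 3 and leaves the ordinary requests on lines 1 and 4 alone.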

Solution

Unknown at this time.

See Also

https://www.securityfocus.com/archive/1/416675

Plugin Details

Severity: Medium

ID: 20216

File Name: phpwcms_mult_flaws.nasl

Version: 1.28

Type: remote

Family: CGI abuses

Published: 11/16/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:phpwcms:phpwcms

Required KB Items: www/PHP, www/phpwcms

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 11/21/2005

Vulnerability Publication Date: 11/14/2005

Reference Information

CVE: CVE-2005-3789

BID: 15436

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990