Detections
Analytics
myEvent Multiple Remote Vulnerabilities
high Nessus Plugin ID 21246
Language:
Synopsis
The remote web server contains a PHP application that is affected by multiple vulnerabilities.Description
The remote host is running myEvent, a calendar application written in PHP.The installed version of myEvent fails to sanitize user input to the 'myevent_path' parameter in several scripts before using it to include PHP code from other files. An unauthenticated attacker may be able to read arbitrary local files or include a file from a remote host that contains commands which will be executed on the remote host subject to the privileges of the web server process.
In addition, user input to the 'event_id' parameter in 'addevent.php' and 'del.php', and to the 'event_desc' parameter in 'addevent.php' is not properly sanitized before being used in a SQL query, which could allow an attacker to insert arbitrary SQL statements in the remote database. A similar lack of sanitation involving the 'event_desc' parameter of 'addevent.php' allows for cross-site scripting attacks against the affected application.
These flaws are exploitable only if PHP's register_globals is enabled.
Solution
Unknown at this time.See Also
Plugin Details
Severity: High
ID: 21246
File Name: myevent_multiple_flaws.nasl
Version: 1.21
Type: remote
Family: CGI abuses
Published: 4/21/2006
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.3
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Vulnerability Publication Date: 4/16/2006