GLSA-200605-04 : phpWebSite: Local file inclusion

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200605-04
(phpWebSite: Local file inclusion)

rgod has reported that the 'hub_dir' parameter in 'index.php'
isn't properly verified. When 'magic_quotes_gpc' is disabled, this can
be exploited to include arbitrary files from local ressources.

Impact :

If 'magic_quotes_gpc' is disabled, which is not the default on
Gentoo Linux, a remote attacker could exploit this issue to include and
execute PHP scripts from local ressources with the rights of the user
running the web server, or to disclose sensitive information and
potentially compromise a vulnerable system.

Workaround :

There is no known workaround at this time.

See also :

Solution :

All phpWebSite users should upgrade to the latest available
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/phpwebsite-0.10.2'

Risk factor :

High / CVSS Base Score : 7.5

Family: Gentoo Local Security Checks

Nessus Plugin ID: 21319 (gentoo_GLSA-200605-04.nasl)

Bugtraq ID:

CVE ID: CVE-2006-1819

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now