Detections
Analytics
VHCS include/sql.php include_path Parameter Remote File Inclusion
medium Nessus Plugin ID 22077
Language:
Synopsis
The remote web server contains a PHP application that is prone to a remote file include attack.Description
The remote host is running VHCS, a control panel for hosting providers.The GUI portion of the version of VHCS installed on the remote host fails to sanitize input to the 'include_path' parameter of the 'include/sql.php' script before using it to include PHP code. Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker may be able to exploit these flaws to view arbitrary files on the remote host or to execute arbitrary PHP code, possibly taken from third-party hosts.
Solution
Either upgrade to VHCS 2.4 beta or later or update the GUI as outlined in the project's advisory above.See Also
http://www.kernelpanik.org/docs/kernelpanik/vhcs22.en.txt
http://vhcs.net/new/modules/newbb/viewtopic.php?topic_id=1208&forum=5
http://vhcs.net/new/modules/newbb/viewtopic.php?topic_id=1576&forum=5
Plugin Details
Severity: Medium
ID: 22077
File Name: vhcs_include_path_file_include.nasl
Version: 1.15
Type: remote
Family: CGI abuses
Published: 7/19/2006
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: No exploit is required
Vulnerability Publication Date: 1/10/2005
Reference Information
BID: 12178