Detections
Analytics

Docebo GLOBALS Variable Overwrite Remote File Inclusion

medium Nessus Plugin ID 22235

Language:

Synopsis

The remote host contains a PHP application that is vulnerable to remote and local file inclusions.

Description

At least one Docebo application is installed on the remote host.

Docebo has multiple PHP based applications, including a content management system (DoceboCMS), a e-learning platform (DoceboLMS) and a knowledge maintenance system (DoceboKMS)

By using a flaw in some PHP versions (PHP4 <= 4.4.0 and PHP5 <= 5.0.5) it is possible to include files by overwriting the $GLOBALS variable.

This flaw exists if PHP's register_globals is enabled.

Solution

Disable PHP's register_globals and/or upgrade to a newer PHP release. The author has also released a patch to address the issues.

See Also

https://secuniaresearch.flexerasoftware.com/advisories/20260/

http://www.hardened-php.net/advisory_202005.79.html

http://www.nessus.org/u?ecd946e9

Plugin Details

Severity: Medium

ID: 22235

File Name: docebo_globals_overwrite.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 8/17/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 4.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/21/2006

Reference Information

CVE: CVE-2006-2576, CVE-2006-2577

BID: 18109