HAMweather Template.php do_parse_code Function Arbitrary Code Execution

Nessus Plugin ID 22497 (Severity: High)

Synopsis

The remote web server contains an application that allows execution of arbitrary code.

Description

The remote host is running HAMweather, a weather-forecasting software application.

The installed version of HAMweather fails to properly sanitize input to the 'daysonly' parameter before using it to evaluate PHP or Perl code. An unauthenticated attacker can leverage this issue to execute arbitrary code on the remote host with the privileges of the web server user ID.

Solution

Upgrade to HAMweather 3.9.8.2 Perl/ASP or HAMweather 3.9.8.5 PHP or later.

See Also

http://www.gulftech.org/?node=research&article_id=00115-09302006

http://support.hamweather.com/viewtopic.php?t=6548

Plugin Details

Severity: High

ID: 22497

File Name: hamweather_daysonly_cmd_exec.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 10/4/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 9/30/2006

Reference Information

CVE: CVE-2006-5185

BID: 20311