PHP Easy Download admin/save.php moreinfo Parameter Code Injection

high Nessus Plugin ID 23774

Language:

Synopsis

The remote web server contains a PHP script that is affected by a remote code execution issue.

Description

The version of PHP Easy Download installed on the remote host fails to sanitize input to the 'moreinfo' parameter before using it in the 'save.php' script. By sending a specially crafted value, an attacker can store and execute code at the privilege level of the remote web server.

Solution

Upgrade to version 2.5 or later as that version is reportedly not affected.

Plugin Details

Severity: High

ID: 23774

File Name: phpeasydownload_code_injection.nasl

Version: 1.23

Type: remote

Family: CGI abuses

Published: 12/7/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:php_easy_download:php_easy_download

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 11/18/2006

Reference Information

BID: 21179

SECUNIA: 23002

Detections

Analytics