Detections
Analytics
e107 download.php extract() Function Variable Overwrite
high Nessus Plugin ID 33856
Language:
Synopsis
The remote web server contains a PHP application that is affected by variable overwriting vulnerability.Description
The version of e107 installed on the remote host contains an unsafe call to 'extract()' in the 'download.php' script. An unauthenticated, remote attacker can leverage this issue to overwrite arbitrary PHP variables, leading to arbitrary PHP code execution, SQL injection, as well as other sorts of attacks.Solution
Upgrade to version 0.7.12 or later.See Also
http://www.nessus.org/u?0f612ec9
http://old.e107.org/e107_plugins/bugtrack/changelog.php?0712
Plugin Details
Severity: High
ID: 33856
File Name: e107_extract_var_overwriting.nasl
Version: 1.21
Type: remote
Family: CGI abuses
Published: 8/10/2008
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.2
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 8.2
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:e107:e107
Required KB Items: www/e107
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Patch Publication Date: 8/25/2008
Vulnerability Publication Date: 8/7/2008
Reference Information
BID: 30601