AWStats Totals awstatstotals.php multisort() Function sort Parameter Arbitrary PHP Code Execution

high Nessus Plugin ID 34055

Synopsis

The remote web server contains a PHP script that is prone to arbitrary code execution.

Description

The remote web server is running a version of awstatstotals.php which does not properly sanitize its 'sort' argument. An attacker can run arbitrary commands on the remote host within the context of the web server.

Solution

Upgrade to Telartis AWStats Totals 1.15

See Also

https://www.securityfocus.com/archive/1/[email protected]

https://www.telartis.nl/en/awstats

Plugin Details

Severity: High

ID: 34055

File Name: awstatstotals_sort_remote_exec.nasl

Version: 1.21

Type: remote

Family: CGI abuses

Published: 8/27/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

Metasploit (AWStats Totals multisort Remote Command Execution)

Elliot (Awstats Totals <= 1.14 RCE)

Reference Information

CVE: CVE-2008-3922

BID: 30856

CWE: 94