Detections
Analytics

CGI Generic Remote File Inclusion

high Nessus Plugin ID 39469

Language:

Synopsis

Arbitrary code may be run on the remote server.

Description

The remote web server hosts CGI scripts that fail to adequately sanitize request strings. By leveraging this issue, an attacker may be able to include a remote file from a remote server and execute arbitrary commands on the target host.

Solution

Restrict access to the vulnerable application. Contact the vendor for a patch or upgrade.

See Also

https://en.wikipedia.org/wiki/Remote_File_Inclusion

http://projects.webappsec.org/w/page/13246955/Remote%20File%20Inclusion

Plugin Details

Severity: High

ID: 39469

File Name: torture_cgi_remote_file_inclusion.nasl

Version: 1.24

Type: remote

Family: CGI abuses

Published: 6/19/2009

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/enable_web_app_tests

Reference Information

CWE: 434, 473, 632, 714, 727, 73, 78, 801, 928, 929, 98