Trouble Ticket Express fid Parameter Arbitrary Remote Code Execution

Severity: High, Nessus Plugin ID 45083

Synopsis

The remote web server contains a CGI application that allows arbitrary command execution.

Description

The remote host is running Trouble Ticket Express, an open source web-based trouble ticket application written in Perl.

At least one module included with the version of Trouble Ticket Express hosted on the remote web server fails to sanitize input to the 'fid' parameter of the 'ttx.cgi' script before using it in an 'open()' statement.

An unauthenticated remote attacker can leverage this issue to execute arbitrary commands subject to the privileges under which the web server operates.
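
The fix pattern for the flaw described above, as an added example (not code from Trouble Ticket Express or from the Nessus plugin): validate the parameter against an allowlist, then use the three-argument form of Perl's open(). The id format, the storage directory and the name open_attachment are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: hardened handling of a CGI file-id parameter before open().
# Assumptions (not from Trouble Ticket Express): the id format, the storage
# directory and the sub name open_attachment are hypothetical.
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Returns a read handle for the attachment, or undef if the id is refused
# or the file cannot be opened.
sub open_attachment {
    my ($dir, $fid) = @_;

    # Allowlist: assume ids are 1-32 ASCII letters/digits. \A...\z (not ^...$)
    # so a trailing newline cannot slip through.
    return unless defined $fid && $fid =~ /\A([A-Za-z0-9]{1,32})\z/;
    my $safe = $1;    # captured copy; this also untaints under perl -T

    my $path = File::Spec->catfile($dir, $safe);

    # Three-argument open: the mode is fixed to '<', so the path is always
    # treated as a file name. The two-argument form open(FH, $path) parses
    # mode and pipe characters out of the string itself.
    open(my $fh, '<', $path) or return;
    return $fh;
}

# Constructed demo data: a scratch directory holding one attachment "42".
my $dir = tempdir(CLEANUP => 1);
open(my $out, '>', File::Spec->catfile($dir, '42')) or die "setup: $!";
print {$out} "ticket attachment\n";
close $out;

# Constructed inputs: one valid id, four values the allowlist refuses, and
# '99', which passes the allowlist but names no existing file.
for my $fid ('42', '../42', '42|', "42\n", '', '99') {
    my $fh = open_attachment($dir, $fid);
    (my $shown = $fid) =~ s/\n/\\n/g;
    printf "%-8s %s\n", "'$shown'", $fh ? 'opened' : 'rejected';
    close $fh if $fh;
}
```

Running the script under taint mode (perl -T) additionally makes Perl refuse to pass unvalidated request data to open() for writing or to a command.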

Solution

Update to revision 759 of TTXFile.pm / revision 765 of TTXImage.pm.

See Also

http://www.troubleticketexpress.com/alert.html

http://forum.unitedwebcoders.com/index.php/topic,1143.0.html

Plugin Details

Severity: High

ID: 45083

File Name: ttx_fid_cmd_exec.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 3/17/2010

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 3/15/2010

Vulnerability Publication Date: 3/14/2010

Reference Information

BID: 38765