X2Engine < 3.7.4 Multiple Vulnerabilities

medium Nessus Plugin ID 81514

Language:

Synopsis

The remote web server contains a PHP application that is affected by multiple vulnerabilities.

Description

According to its version number, the X2Engine application installed on the remote web server is prior to version 3.7.4. It is, therefore, potentially affected by multiple vulnerabilities :

- Multiple SQL injection vulnerabilities exist in the 'lastEventId' and 'lastTimestamp' HTTP GET parameters of the '/index.php/profile/getEvents' script.

- Multiple cross-site scripting (XSS) vulnerabilities exist in the 'Contacts[firstName]', 'Contacts[website]', 'Contacts[company]', and 'Contacts[interest]' HTTP POST parameters of the '/index.php/contacts/create' script;
and the 'Docs[name]' HTTP POST parameter of the '/index.php/docs/create' script.

- An arbitrary file upload vulnerability exists due to the '/index.php/media/ajaxUpload' script not properly validating user-uploaded files.

- A DOM-based cross-site scripting (XSS) vulnerability exists in the 'CKEditorFuncNum' HTTP POST parameter of the '/index.php/media/ajaxUpload' script.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to version 3.7.4 or later.

Plugin Details

Severity: Medium

ID: 81514

File Name: x2engine_3_7_4.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 2/25/2015

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:x2engine:x2crm

Required KB Items: www/PHP, Settings/ParanoidReport, installed_sw/X2Engine

Exploit Ease: No known exploits are available

Patch Publication Date: 3/4/2014

Vulnerability Publication Date: 2/27/2014

Reference Information

BID: 65887

Detections

Analytics