PHPix index.phtml Multiple Parameter Arbitrary Command Execution

high Nessus Plugin ID 12026

Language:

Synopsis

Arbitrary code may be run on the remote server.

Description

The remote host is running phpix, a PHP-based photo gallery suite.

Multiple vulnerabilities have been discovered in this product, which may allow a remote attacker to execute arbitrary commands with the privileges of the HTTP server.

Solution

Upgrade to the latest version of this CGI suite.

Plugin Details

Severity: High

ID: 12026

File Name: phpix_cmd_exec.nasl

Version: 1.24

Type: remote

Family: CGI abuses

Published: 1/20/2004

Updated: 11/3/2025

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

CVSS Score Rationale: Tenable score for arbitrary command execution vulnerability

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: manual

Vulnerability Information

CPE: cpe:/a:phpix:phpix

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 1/29/2004

Reference Information

BID: 9458

Detections

Analytics