Detections
Analytics
Loudblog < 0.42 template Parameter Traversal
medium Nessus Plugin ID 21024
Language:
Synopsis
The remote web server contains a PHP application that suffers from an information disclosure vulnerability.Description
The remote host is running Loudblog, a PHP application for publishing podcasts and similar media files.The version of Loudblog installed on the remote host fails to sanitize input to the 'template' parameter of the 'index.php' script before returning the contents of the file in a dynamic web page. An unauthenticated attacker can exploit this issue to view arbitrary files on the affected system subject to the privileges of the web server user id.
In addition, there reportedly is also a local file include flaw involving the 'language' and 'page' parameters of the 'inc/backend_settings.php'and 'index.php' scripts and a SQL injection flaw involving the 'id' parameter of the 'podcast.php' script, although Nessus has not tested for these other issues.
Successful exploitation of these issues reportedly requires that PHP's 'magic_quotes_gpc' be disabled.
Solution
Upgrade to Loudblog 0.42 or later.See Also
https://www.securityfocus.com/archive/1/426973/30/0/threaded
http://web.archive.org/web/20061212174522/http://www.loudblog.de:80/forum/viewtopic.php?id=592
Plugin Details
Severity: Medium
ID: 21024
File Name: loudblog_042.nasl
Version: 1.21
Type: remote
Family: CGI abuses
Published: 3/8/2006
Updated: 4/11/2022
Configuration: Enable thorough checks (optional)
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.8
CVSS v2
Risk Factor: Medium
Base Score: 6.4
Temporal Score: 6.1
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N
Vulnerability Information
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Vulnerability Publication Date: 3/7/2006
Reference Information
CVE: CVE-2006-1114
BID: 17023