Detections
Analytics

php-Charts wizard/index.php PHP Execution

high Nessus Plugin ID 67174

Language:

Synopsis

The remote web server hosts an application that allows arbitrary PHP code execution.

Description

The php-Charts install hosted on the remote web server contains a flaw that could allow arbitrary PHP code execution. Input passed to the 'wizard/index.php' script is not properly sanitized before being used in an eval() call. An unauthenticated, remote attacker could leverage this vulnerability to execute arbitrary PHP code on the remote host.

Solution

Unknown at this time.

See Also

http://www.php-charts.com

Plugin Details

Severity: High

ID: 67174

File Name: php_charts_wizard_type_code_exec.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 7/3/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: x-cpe:/a:php_charts:php_charts

Required KB Items: www/php-charts

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 5/17/2013

Exploitable With

Metasploit (PHP-Charts v1.0 PHP Code Execution Vulnerability)

Reference Information

BID: 57448