PHP Arbitrary File Upload

medium Nessus Network Monitor Plugin ID 2286

Synopsis

The remote host is vulnerable to an arbitrary file upload flaw.

Description

The remote web server has PHP enabled. Versions of PHP up to 5.0.2 and 4.3.9 are reported to be prone to a file upload vulnerability. An attacker may upload an arbitrary file to the web server in the context of the PHP application.

Solution

Upgrade to version 4.3.9, 5.0.2 or higher.

See Also

http://php.net/ChangeLog-4.php

Plugin Details

Severity: Medium

ID: 2286

Family: Web Servers

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 14770

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:php:php

Patch Publication Date: 8/24/2004

Vulnerability Publication Date: 8/24/2004

Reference Information

CVE: CVE-2004-0959

BID: 11190