Zorum < 3.6.0 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 2692

Synopsis

The remote web server contains a PHP application that is affected by numerous flaws. The remote host is running Zorum, an open-source electronic forum written in PHP. The version of Zorum installed on the remote host is prone to several vulnerabilities. Namely:

Description

An attacker can execute arbitrary shell commands by means of specially-crafted arguments to the 'argv[1]' parameter of the 'gorum/prod.php' script provided that PHP's 'register_globals' setting is enabled and 'register_argc_argv' is disabled.

An attacker can adjust the 'id' parameter to the 'index.php' script after authentication, setting it to that of another currently authenticated user to gain their privileges.

An attacker can insert SQL code in the 'Search in messages created by user' box as well as the 'rollid' parameter to trigger an SQL error and possibly manipulate SQL queries if PHP's 'magic_quotes' is disabled.

The 'list', 'method', and 'frommethod' parameters of the 'index.php' script are not sanitized properly, allowing a remote attacker to inject arbitrary HTML or script code in a user's browser in the context of the affected web site, resulting in theft of authentication data or other such attacks.

Solution

Upgrade to version 3.6.0 or higher.

Plugin Details

Severity: High

ID: 2692

Family: CGI

Published: 3/10/2005

Updated: 3/6/2019

Nessus ID: 17312

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:phpoutsourcing:zorum

Reference Information

CVE: CVE-2005-0675, CVE-2005-0676, CVE-2005-0677, CVE-2005-2651, CVE-2005-4619, CVE-2006-3332

BID: 12777, 14601, 16131, 18681

Detections

Analytics