W-Agora < 4.2.1 index.php site Parameter Traversal Arbitrary File Access

Medium Nessus Network Monitor Plugin ID 3171

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running W-Agora, a web-based forum management application written in PHP. This version of W-Agora is vulnerable to a flaw in the way that it handles the 'site' parameter of the index.php script. An attacker exploiting this flaw can supply a directory outside of the web root. Successful exploitation would allow a remote attacker to read potentially confidential files outside of the web root (such as /etc/passwd or similar). In addition, the software is vulnerable to several other remote cross-site scripting (XSS) and script injection flaws. Finally, the application is vulnerable to multiple 'file include' flaws. An attacker exploiting these flaws would be able to execute arbitrary PHP script code on the W-Agora system. Executed scripts would have the permissions of the web server process.
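A defender's check for the 'site' parameter flaw described above, run over web server access logs. This is an added example, not part of the plugin or of W-Agora; the log lines, the /w-agora/ install path and the allow-list of characters for a legitimate site name are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (combined log format, not from a real host).
SAMPLE_LOG = """\
198.51.100.7 - - [18/Aug/2005:10:01:02 +0000] "GET /w-agora/index.php?site=demo HTTP/1.1" 200 5120
198.51.100.9 - - [18/Aug/2005:10:01:09 +0000] "GET /w-agora/index.php?site=../../../../etc/passwd HTTP/1.1" 200 1432
198.51.100.9 - - [18/Aug/2005:10:01:15 +0000] "GET /w-agora/index.php?site=%252e%252e%252fconf HTTP/1.1" 404 312
198.51.100.4 - - [18/Aug/2005:10:02:00 +0000] "GET /w-agora/list.php?site=demo HTTP/1.1" 200 2210
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Assumption: a legitimate site name is a plain identifier with no path characters.
SAFE_SITE_RE = re.compile(r"[A-Za-z0-9_-]+")


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so nested encodings are judged in final form."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_site_requests(log_text):
    """Return (client_ip, status, decoded_site) for index.php requests whose
    'site' value is not a plain identifier."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/index.php"):
            continue  # the advisory names index.php only
        for name, raw in parse_qsl(url.query):  # parse_qsl decodes once
            if name == "site":
                value = fully_decode(raw)
                if not SAFE_SITE_RE.fullmatch(value):
                    hits.append((m.group("ip"), m.group("status"), value))
    return hits


if __name__ == "__main__":
    for hit in suspicious_site_requests(SAMPLE_LOG):
        print(hit)
```

A flagged request that returned status 200 deserves a closer look than one that returned 404, since the response size can then be compared against a normal forum page.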

Solution

Upgrade to version 4.2.1 or higher.

See Also

http://w-agora.net

Plugin Details

Severity: Medium

ID: 3171

Family: Web Servers

Published: 2005/08/18

Modified: 2016/01/21

Dependencies: 1442

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

CVSSv3

Base Score: 5.3

Temporal Score: 5.3

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS3#E:H/RL:U/RC:X

Reference Information

CVE: CVE-2005-2648, CVE-2006-2228

BID: 14597, 15110, 17751, 18601