W-Agora < 4.2.1 index.php site Parameter Traversal Arbitrary File Access
Medium Nessus Network Monitor Plugin ID 3171
SynopsisThe remote host is vulnerable to multiple attack vectors.
DescriptionThe remote host is running W-Agora, a web-based forum management software written in PHP. This version of Agora is vulnerable to a flaw in the way that it handles the 'site' parameter of the index.php script. An attacker exploiting this flaw can supply a directory outside of the web root. Successful exploitation would allow the remote attacker the ability to peruse potentially confidential files outside of the web root (such as /etc/passwd or similar). In addition, the software is vulnerable to several other remote cross-site-scripting (XSS) and script injection flaws. Finally, the application is vulnerable to a multiple 'file include' flaws. An attacker exploiting this flaw would be able to execute arbitrary PHP script code on the W-Agora system. Executed scripts would have the permissions of the webserver process.
SolutionUpgrade to version 4.2.1 or higher.