Contenido < 4.6.4 class.inuse.php Multiple Parameter Remote File Inclusion

High Nessus Network Monitor Plugin ID 3323


The remote host is vulnerable to a flaw that allows attackers to execute arbitrary commands.


The remote host is running Contenido, a web content-management application. This version of Contenido is vulnerable to an unspecified 'command execution' flaw. It is reported that an attacker can, by sending a malformed query, coerce the application into running system commands. The flaw can only be exploited if the "allow_url_fopen" and "register_globals" PHP settings are enabled. Successful exploitation would result in loss of confidential data as well as a compromise of system integrity.


Upgrade to version 4.6.4 or higher.

Plugin Details

Severity: High

ID: 3323

Family: CGI

Published: 2005/12/09

Modified: 2016/01/15

Dependencies: 1442

Risk Information

Risk Factor: High


CVSS v2

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C


CVSS v3

Base Score: 7.3

Temporal Score: 7


Temporal Vector: CVSS3#E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:contenido:contendio

Reference Information

CVE: CVE-2005-4132

BID: 15790