LinPHA <= 1.1 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 3426

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running LinPHA, a web photo gallery application written in PHP. The installed version of LinPHA suffers from a number of flaws, several of which may allow an unauthenticated attacker to view arbitrary files or to execute arbitrary PHP code on the remote host subject to the privileges of the web server user ID. Note that successful exploitation requires that PHP's 'magic_quotes_gpc' setting be disabled, that an attacker has the ability to create, upload or edit files on the remote host, or that the application's 'user login events log' setting be enabled. The host is also vulnerable to a cross-site scripting (XSS) and SQL injection attacks. Attackers exploiting the XSS flaw would be able to potentially execute malicious code within a user's browser. A successful SQL Injection attack would give the attacker the ability to execute arbitrary commands on the backend database server.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://retrogod.altervista.org/linpha_10_local.html

http://www.securityfocus.com/archive/1/424729/30/0/threaded

http://linpha.sourceforge.net/nuke/index.php

Plugin Details

Severity: Medium

ID: 3426

Family: CGI

Published: 2006/02/13

Modified: 2018/09/16

Dependencies: 1442

Nessus ID: 20892

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

CVSSv3

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS3#E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:linpha:linpha

Reference Information

CVE: CVE-2006-0713, CVE-2006-1923, CVE-2006-1924

BID: 16592, 17619