OneOrZero Helpdesk tinfo.php Arbitrary File Upload

High Nessus Network Monitor Plugin ID 4801


The remote web server contains a PHP application that is affected by an arbitrary file upload vulnerability.


The remote host is running OneOrZero Helpdesk, a web-based helpdesk application written in PHP. The version of OneOrZero Helpdesk installed on the remote host allows uploads of arbitrary files via the 'tinfo.php' script provided the 'send_email' POST parameter is set. By uploading a file containing arbitrary PHP code, an unauthenticated remote attacker can likely leverage this issue to execute code with the privileges of the web server user ID. In addition, there is a flaw in the login.php script when handling the 'default_language' parameter that would allow an attacker to view or execute arbitrary local files. Note that successful exploitation of the upload issue requires that 'Task Attachments' is enabled, which is true by default; if 'Task Attachments' has been disabled, you are not vulnerable to this flaw. Further, note that there is also reportedly a SQL injection issue involving the Content_Type of uploaded files that affects this version of OneOrZero Helpdesk.
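As an added example that is not part of the Tenable plugin or the OneOrZero project, the following script applies the advisory's two observable facts (unauthenticated POSTs to 'tinfo.php', and a PHP file then being requested from the attachment area) to Apache combined-format access logs. The log lines are constructed, and the attachments directory path is an assumption, since the advisory does not state where uploads are stored.

```python
import re

# Constructed sample log lines (Apache "combined" format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [23/Dec/2008:10:01:02 +0000] "GET /helpdesk/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [23/Dec/2008:10:01:09 +0000] "POST /helpdesk/tinfo.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.5 - - [23/Dec/2008:10:01:15 +0000] "GET /helpdesk/attachments/t.php?x=1 HTTP/1.1" 200 44 "-" "Mozilla/5.0"
198.51.100.7 - - [23/Dec/2008:10:02:00 +0000] "GET /helpdesk/attachments/report.pdf HTTP/1.1" 200 90210 "-" "Mozilla/5.0"
198.51.100.7 - - [23/Dec/2008:10:02:30 +0000] "POST /helpdesk/tinfo.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
"""

# Fields we need from a combined-format line: client IP, method, request path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed location of task attachments under the web root (hypothetical path).
ATTACH_PREFIX = "/helpdesk/attachments/"


def find_suspicious(log_text, attach_prefix=ATTACH_PREFIX):
    """Return (ip, path) pairs for clients that POSTed to tinfo.php and
    afterwards requested a .php file under the attachments directory.
    A POST to tinfo.php alone is recorded in the returned 'posters' set so
    a reviewer can also audit uploads that were never executed."""
    posters = set()
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not combined-format requests
        ip, method, path = m["ip"], m["method"], m["path"]
        script = path.split("?", 1)[0]  # drop the query string
        if method == "POST" and script.endswith("/tinfo.php"):
            posters.add(ip)
        elif (ip in posters and script.startswith(attach_prefix)
              and script.lower().endswith(".php")):
            hits.append((ip, script))
    return hits, posters


if __name__ == "__main__":
    hits, posters = find_suspicious(SAMPLE_LOG)
    for ip, path in hits:
        print(f"possible web shell: {ip} executed {path}")
    print("clients that posted to tinfo.php:", sorted(posters))
```

Only the client that both posted to tinfo.php and then fetched a .php attachment is reported as a hit; the second poster is listed for follow-up review of what it uploaded.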


Log into the application's control panel as the administrator and disable 'Task Attachments' (under 'OneOrZero Settings'). When released, upgrade to version or higher.

Plugin Details

Severity: High

ID: 4801

File Name: 4801.prm

Family: CGI

Published: 2008/12/23

Modified: 2016/01/21

Dependencies: 1442

Nessus ID: 35261

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

CVSS v3.0

Base Score: 7.3

Temporal Score: 7.1

Temporal Vector: CVSS3#E:F/RL:U/RC:X

Reference Information

CVE: CVE-2009-0886

BID: 34029, 32959