BASE < 1.4.4 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 5211
SynopsisThe remote host is running a PHP application that is vulnerable to multiple attack vectors.
DescriptionThe remote host is running BASE, a web-based tool for analyzing alerts from one or more SNORT sensors. The version of BASE installed on the remote host is earlier than 1.4.4. Such versions are potentially affected by multiple issues :
- A SQL-injection flaw.
- A cross-site scripting vulnerability in 'base_local_rules.php'.
- A local file include vulnerability in 'base_local_rules.php'.
SolutionUpgrade to BASE version 1.4.4 or later.