SimpleBoard sbp Parameter Remote File Inclusion

medium Nessus Network Monitor Plugin ID 3684

Synopsis

The remote web server contains a PHP application that is prone to remote file inclusion attacks.

Description

The remote host is running SimpleBoard, a web-based bulletin board component for Mambo / Joomla. The version of SimpleBoard installed on the remote host fails to sanitize input to the 'sbp' parameter of the 'image_upload.php' and reportedly other scripts before using it to include PHP code. Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker may be able to exploit these flaws to view arbitrary files on the remote host or to execute arbitrary PHP code, possibly taken from third-party hosts.

Solution

No solution is known at this time.

Plugin Details

Severity: Medium

ID: 3684

Family: CGI

Published: 7/12/2006

Updated: 3/6/2019

Nessus ID: 22023

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 5.2

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 6

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:W/RC:X

Vulnerability Information

CPE: cpe:/a:mamboxchange:simpleboard

Reference Information

CVE: CVE-2006-3528, CVE-2006-5043

BID: 18917, 23129