Lucene search

K

FUDforum < 2.7.1 Avatar Upload Extension Validation Weakness Arbitrary Code Execution

🗓️ 29 Aug 2005 00:00:00Reported by This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.Type 
nessus
 nessus
🔗 www.tenable.com👁 24 Views

The remote web server contains a PHP application that allows for arbitrary code execution. FUDforum < 2.7.1 Avatar Upload Extension Validation Weaknes

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
CVE
CVE-2005-2781
2 Sep 200523:03
cve
Tenable Nessus
Debian DSA-1063-1 : phpgroupware - missing input sanitising
14 Oct 200600:00
nessus
Debian
[SECURITY] [DSA 1063-1] New phpgroupware packages fix execution of arbitrary web script code
19 May 200622:07
debian
UbuntuCve
CVE-2005-2781
2 Sep 200500:00
ubuntucve
Cvelist
CVE-2005-2781
2 Sep 200504:00
cvelist
OSV
phpgroupware - missing input sanitising
8 May 200600:00
osv
NVD
CVE-2005-2781
2 Sep 200523:03
nvd
OpenVAS
Debian: Security Advisory (DSA-1063-1)
17 Jan 200800:00
openvas
OpenVAS
Debian Security Advisory DSA 1063-1 (phpgroupware)
17 Jan 200800:00
openvas
OpenVAS
HP-UX Update for Mozilla remote HPSBUX01133
5 May 200900:00
openvas
Rows per page
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description) {
  script_id(19520);
  script_version("1.21");

  script_cve_id("CVE-2005-2781");
  script_bugtraq_id(14678);

  script_name(english:"FUDforum < 2.7.1 Avatar Upload Extension Validation Weakness Arbitrary Code Execution");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP application that allows for
arbitrary code execution." );
 script_set_attribute(attribute:"description", value:
"The remote host is running FUDforum, an open source web forum written
in PHP. 

According to its banner, the version of FUDforum installed on the
remote host may allow an authenticated attacker to upload a file with
arbitrary PHP code as an avatar image and later run that code subject
to the privileges of the web server user id." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2005/Aug/392" );
 script_set_attribute(attribute:"see_also", value:"http://fudforum.org/forum/index.php?t=msg&th=5470&start=0&" );
 script_set_attribute(attribute:"solution", value:
"Upload to FUDforum 2.7.1 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2005/08/29");
 script_set_attribute(attribute:"vuln_publication_date", value: "2005/08/23");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value: "cpe:/a:ilia_alshanetsky:fudforum");
script_end_attributes();

  script_summary(english:"Checks for avatar upload vulnerability in FUDforum < 2.7.1");
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");
  script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
  script_dependencies("http_version.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);
  script_require_keys("www/PHP");
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");


port = get_http_port(default:80, php: 1);

# Loop through CGI directories.
foreach dir (cgi_dirs()) {
  # Request the main index.php script.
  res = http_get_cache(item:string(dir, "/index.php"), port:port, exit_on_fail: 1);

  if (egrep(string:res, pattern:'>Powered by: FUDforum ([01]\\.|2.([0-6]\\.|7\\.0)).+&copy;.+ <a href="http://fudforum.org/">')) {
    security_warning(port);
    exit(0);
  }
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
29 Aug 2005 00:00Current
0.4Low risk
Vulners AI Score0.4
CVSS27.5
EPSS0.013
24
.json
Report