FUDforum < 2.7.1 Avatar Upload Extension Validation Weakness Arbitrary Code Execution

The remote web server contains a PHP application that allows for arbitrary code execution.

Title | Published | Views | Family |
---|---|---|---|
CVE-2005-2781 | 2 Sep 2005 23:03 | – | cve |
Debian DSA-1063-1 : phpgroupware - missing input sanitising | 14 Oct 2006 00:00 | – | nessus |
[SECURITY] [DSA 1063-1] New phpgroupware packages fix execution of arbitrary web script code | 19 May 2006 22:07 | – | debian |
CVE-2005-2781 | 2 Sep 2005 00:00 | – | ubuntucve |
CVE-2005-2781 | 2 Sep 2005 04:00 | – | cvelist |
phpgroupware - missing input sanitising | 8 May 2006 00:00 | – | osv |
CVE-2005-2781 | 2 Sep 2005 23:03 | – | nvd |
Debian: Security Advisory (DSA-1063-1) | 17 Jan 2008 00:00 | – | openvas |
Debian Security Advisory DSA 1063-1 (phpgroupware) | 17 Jan 2008 00:00 | – | openvas |
HP-UX Update for Mozilla remote HPSBUX01133 | 5 May 2009 00:00 | – | openvas |

Source | Link |
---|---|
fudforum | www.fudforum.org/forum/index.php |
seclists | www.seclists.org/bugtraq/2005/Aug/392 |
cve | www.cve.mitre.org/cgi-bin/cvename.cgi |

```nasl
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description) {
  script_id(19520);
  script_version("1.21");
  script_cve_id("CVE-2005-2781");
  script_bugtraq_id(14678);

  script_name(english:"FUDforum < 2.7.1 Avatar Upload Extension Validation Weakness Arbitrary Code Execution");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP application that allows for
arbitrary code execution." );
  script_set_attribute(attribute:"description", value:
"The remote host is running FUDforum, an open source web forum written
in PHP.
According to its banner, the version of FUDforum installed on the
remote host may allow an authenticated attacker to upload a file with
arbitrary PHP code as an avatar image and later run that code subject
to the privileges of the web server user id." );
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2005/Aug/392" );
  script_set_attribute(attribute:"see_also", value:"http://fudforum.org/forum/index.php?t=msg&th=5470&start=0&" );
  script_set_attribute(attribute:"solution", value:
"Upgrade to FUDforum 2.7.1 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value: "2005/08/29");
  script_set_attribute(attribute:"vuln_publication_date", value: "2005/08/23");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value: "cpe:/a:ilia_alshanetsky:fudforum");
  script_end_attributes();

  script_summary(english:"Checks for avatar upload vulnerability in FUDforum < 2.7.1");
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");
  script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
  script_dependencies("http_version.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);
  script_require_keys("www/PHP");
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Only consider web servers that support PHP.
port = get_http_port(default:80, php: 1);

# Loop through CGI directories.
foreach dir (cgi_dirs()) {
  # Request the main index.php script.
  res = http_get_cache(item:string(dir, "/index.php"), port:port, exit_on_fail: 1);

  # Banner check only: flag 0.x, 1.x, 2.0.x - 2.6.x and 2.7.0, i.e. every
  # release before 2.7.1. The dot after the major version is escaped so
  # that it matches a literal "." rather than any character.
  if (egrep(string:res, pattern:'>Powered by: FUDforum ([01]\\.|2\\.([0-6]\\.|7\\.0)).+©.+ <a href="http://fudforum.org/">')) {
    security_warning(port);
    exit(0);
  }
}
```
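
The plugin's banner test, generalised here to a numeric version comparison over the page footer. This is an added Python example, not Tenable's or FUDforum's code; the function names, the sample footers and the handling of pre-release suffixes such as "RC1" are assumptions.

```python
import re

# First fixed release, taken from the plugin's title and solution text.
FIXED = (2, 7, 1)

# Footer banner the plugin searches for. The optional letter suffix
# (e.g. "RC1") is an assumption about how pre-releases are labelled.
BANNER_RE = re.compile(r"Powered by: FUDforum (\d+(?:\.\d+)*)([A-Za-z][\w-]*)?")

# Assumed pre-release markers; anything else after the number is ignored.
PRERELEASE = ("RC", "BETA", "ALPHA", "DEV")


def parse_banner(html):
    """Return ((major, minor, patch, ...), suffix) or None if no banner."""
    m = BANNER_RE.search(html)
    if m is None:
        return None
    version = tuple(int(p) for p in m.group(1).split("."))
    # Pad short versions so that "2.7" compares as 2.7.0.
    version += (0,) * (len(FIXED) - len(version))
    return version, (m.group(2) or "")


def is_flagged(html):
    """True if the banner reports a release before 2.7.1, False if it does
    not, None when the page carries no FUDforum banner at all."""
    parsed = parse_banner(html)
    if parsed is None:
        return None
    version, suffix = parsed
    if version < FIXED:
        return True
    # Assumption: a pre-release of the fixed version is treated as unfixed.
    return version == FIXED and suffix.upper().startswith(PRERELEASE)


# Constructed footers for illustration, not captured from real sites.
SAMPLES = [
    '<b>Powered by: FUDforum 2.6.15</b>',
    '<b>Powered by: FUDforum 2.7.0</b>',
    '<b>Powered by: FUDforum 2.7.1</b>',
    '<b>Powered by: FUDforum 2.10.0</b>',
    '<p>Some other forum software</p>',
]

if __name__ == "__main__":
    for footer in SAMPLES:
        print(f"{footer!r:45} -> {is_flagged(footer)}")
```

Like the plugin, this trusts the banner alone, so an installation that carries a backported fix under an old version string is still flagged and needs manual confirmation.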