ID WEBGUI_673.NASL Type nessus Reporter This script is Copyright (C) 2005-2021 Tenable Network Security, Inc. Modified 2005-09-06T00:00:00
Description
The remote host is running WebGUI, a content management system from
Plain Black Software.
According to its banner, the installed version of WebGUI on the remote
host fails to sanitize user-supplied input to various sources before
using it to run commands. By leveraging these flaws, an attacker may
be able to execute arbitrary commands on the remote host within the
context of the affected web server userid.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description) {
script_id(19590);
script_version("1.19");
script_cve_id("CVE-2005-2837");
script_bugtraq_id(14732);
name["english"] = "WebGUI < 6.7.3 Multiple Command Execution Vulnerabilities";
script_name(english:name["english"]);
script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a CGI script that is prone to arbitrary
code execution." );
script_set_attribute(attribute:"description", value:
"The remote host is running WebGUI, a content management system from
Plain Black Software.
According to its banner, the installed version of WebGUI on the remote
host fails to sanitize user-supplied input to various sources before
using it to run commands. By leveraging these flaws, an attacker may
be able to execute arbitrary commands on the remote host within the
context of the affected web server userid." );
# http://web.archive.org/web/20061201162715/http://www.plainblack.com/getwebgui/advisories/security-exploit-found-in-6.x-versions
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1763907f" );
script_set_attribute(attribute:"solution", value:
"Upgrade to WebGUI 6.7.3 or later." );
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_publication_date", value: "2005/09/06");
script_set_attribute(attribute:"vuln_publication_date", value: "2005/09/01");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:plain_black:webgui");
script_end_attributes();
summary["english"] = "Checks for multiple command execution vulnerabilities in WebGUI < 6.7.3";
script_summary(english:summary["english"]);
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
script_dependencies("http_version.nasl");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_ports("Services/www", 80);
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
port = get_http_port(default:80);
# Loop through CGI directories.
foreach dir (cgi_dirs()) {
# Get the initial page.
res = http_get_cache(item:string(dir, "/"), port:port, exit_on_fail: 1);
if (
egrep(string:res, pattern:'<meta name="generator" content="WebGUI 6\\.([1-6]\\..*|7\\.[0-2])"') ||
egrep(string:res, pattern:'^ +<!-- WebGUI 6\\.([1-6]\\..*|7\\.[0-2]) -->')
) {
security_hole(port);
}
}
{"id": "WEBGUI_673.NASL", "bulletinFamily": "scanner", "title": "WebGUI < 6.7.3 Multiple Command Execution Vulnerabilities", "description": "The remote host is running WebGUI, a content management system from\nPlain Black Software. \n\nAccording to its banner, the installed version of WebGUI on the remote\nhost fails to sanitize user-supplied input to various sources before\nusing it to run commands. By leveraging these flaws, an attacker may\nbe able to execute arbitrary commands on the remote host within the\ncontext of the affected web server userid.", "published": "2005-09-06T00:00:00", "modified": "2005-09-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/19590", "reporter": "This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?1763907f"], "cvelist": ["CVE-2005-2837"], "type": "nessus", "lastseen": "2021-01-20T15:48:29", "edition": 24, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-2837"]}, {"type": "osvdb", "idList": ["OSVDB:19148", "OSVDB:19146", "OSVDB:19147"]}], "modified": "2021-01-20T15:48:29", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-01-20T15:48:29", "rev": 2}, "vulnersScore": 7.5}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description) {\n script_id(19590);\n script_version(\"1.19\");\n\n script_cve_id(\"CVE-2005-2837\");\n script_bugtraq_id(14732);\n\n name[\"english\"] = \"WebGUI < 6.7.3 Multiple Command Execution Vulnerabilities\";\n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a CGI script that is prone to arbitrary\ncode execution.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running WebGUI, a content management system from\nPlain Black Software. \n\nAccording to its banner, the installed version of WebGUI on the remote\nhost fails to sanitize user-supplied input to various sources before\nusing it to run commands. By leveraging these flaws, an attacker may\nbe able to execute arbitrary commands on the remote host within the\ncontext of the affected web server userid.\" );\n # http://web.archive.org/web/20061201162715/http://www.plainblack.com/getwebgui/advisories/security-exploit-found-in-6.x-versions\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1763907f\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to WebGUI 6.7.3 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/09/06\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/09/01\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:plain_black:webgui\");\n script_end_attributes();\n \n summary[\"english\"] = \"Checks for multiple command execution vulnerabilities in WebGUI < 6.7.3\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:80);\n\n# Loop through CGI directories.\nforeach dir (cgi_dirs()) {\n # Get the initial page.\n res = http_get_cache(item:string(dir, \"/\"), port:port, exit_on_fail: 1);\n\n if (\n egrep(string:res, pattern:'<meta name=\"generator\" content=\"WebGUI 6\\\\.([1-6]\\\\..*|7\\\\.[0-2])\"') ||\n egrep(string:res, pattern:'^ +<!-- WebGUI 6\\\\.([1-6]\\\\..*|7\\\\.[0-2]) -->')\n ) {\n security_hole(port);\n }\n}\n", "naslFamily": "CGI abuses", "pluginID": "19590", "cpe": ["cpe:/a:plain_black:webgui"], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T11:34:55", "description": "Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 allow remote attackers to execute arbitrary Perl code via (1) Help.pm, (2) International.pm, or (3) WebGUI.pm.", "edition": 3, "cvss3": {}, "published": "2005-09-07T20:03:00", "title": "CVE-2005-2837", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2837"], "modified": "2008-09-05T20:52:00", "cpe": ["cpe:/a:plain_black:webgui:6.2", "cpe:/a:plain_black:webgui:5.2.3", "cpe:/a:plain_black:webgui:6.7.2", "cpe:/a:plain_black:webgui:6.2.7", "cpe:/a:plain_black:webgui:6.2.4", "cpe:/a:plain_black:webgui:6.2.9", "cpe:/a:plain_black:webgui:6.5.0_beta", "cpe:/a:plain_black:webgui:6.2.5", "cpe:/a:plain_black:webgui:6.2.6", "cpe:/a:plain_black:webgui:6.7.0", "cpe:/a:plain_black:webgui:5.2.4", "cpe:/a:plain_black:webgui:6.3.0", "cpe:/a:plain_black:webgui:6.2.1", "cpe:/a:plain_black:webgui:6.2.2", "cpe:/a:plain_black:webgui:6.4.0", "cpe:/a:plain_black:webgui:6.6.0", "cpe:/a:plain_black:webgui:6.7.1", "cpe:/a:plain_black:webgui:6.2.8", "cpe:/a:plain_black:webgui:6.2.3"], "id": "CVE-2005-2837", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2837", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:plain_black:webgui:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:plain_black:webgui:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:plain_black:webgui:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:plain_black:webgui:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:plain_black:webgui:6.5.0_beta:*:*:*:*:*:*:*", "cpe:2.3:a:plain_black:webgui:6.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:plain_black:webgui:5.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:plain_black:webgui:6.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:plain_black:webgui:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:plain_black:webgui:6.2:*:*:*:*:*:*:*", "cpe:2.3:a:plain_black:webgui:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:plain_black:webgui:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:plain_black:webgui:6.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:plain_black:webgui:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:plain_black:webgui:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:plain_black:webgui:5.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:plain_black:webgui:6.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:plain_black:webgui:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:plain_black:webgui:6.2.9:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:15", "bulletinFamily": "software", "cvelist": ["CVE-2005-2837"], "edition": 1, "description": "## Solution Description\nUpgrade to version 6.7.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Secunia Advisory ID:16682](https://secuniaresearch.flexerasoftware.com/advisories/16682/)\n[Related OSVDB ID: 19146](https://vulners.com/osvdb/OSVDB:19146)\n[Related OSVDB ID: 19148](https://vulners.com/osvdb/OSVDB:19148)\nOther Advisory URL: http://www.plainblack.com/getwebgui/advisories/security-exploit-found-in-6.x-versions\n[CVE-2005-2837](https://vulners.com/cve/CVE-2005-2837)\n", "modified": "2005-09-01T05:43:51", "published": "2005-09-01T05:43:51", "href": "https://vulners.com/osvdb/OSVDB:19147", "id": "OSVDB:19147", "title": "WebGUI International.pm Unspecified Arbitrary Perl Code Execution", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:15", "bulletinFamily": "software", "cvelist": ["CVE-2005-2837"], "edition": 1, "description": "## Solution Description\nUpgrade to version 6.7.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Secunia Advisory ID:16682](https://secuniaresearch.flexerasoftware.com/advisories/16682/)\n[Related OSVDB ID: 19147](https://vulners.com/osvdb/OSVDB:19147)\n[Related OSVDB ID: 19148](https://vulners.com/osvdb/OSVDB:19148)\nOther Advisory URL: http://www.plainblack.com/getwebgui/advisories/security-exploit-found-in-6.x-versions\n[CVE-2005-2837](https://vulners.com/cve/CVE-2005-2837)\n", "modified": "2005-09-01T05:43:51", "published": "2005-09-01T05:43:51", "href": "https://vulners.com/osvdb/OSVDB:19146", "id": "OSVDB:19146", "title": "WebGUI Help.pm Unspecified Arbitrary Perl Code Execution", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:15", "bulletinFamily": "software", "cvelist": ["CVE-2005-2837"], "edition": 1, "description": "## Solution Description\nUpgrade to version 6.7.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Secunia Advisory ID:16682](https://secuniaresearch.flexerasoftware.com/advisories/16682/)\n[Related OSVDB ID: 19146](https://vulners.com/osvdb/OSVDB:19146)\n[Related OSVDB ID: 19147](https://vulners.com/osvdb/OSVDB:19147)\nOther Advisory URL: http://www.plainblack.com/getwebgui/advisories/security-exploit-found-in-6.x-versions\n[CVE-2005-2837](https://vulners.com/cve/CVE-2005-2837)\n", "modified": "2005-09-01T05:43:51", "published": "2005-09-01T05:43:51", "href": "https://vulners.com/osvdb/OSVDB:19148", "id": "OSVDB:19148", "title": "WebGUI WebGUI.pm Unspecified Arbitrary Perl Code Execution", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
