{"id": "WPS_SHOP_REMOTE_CMD_EXEC.NASL", "bulletinFamily": "scanner", "title": "WPS Web-Portal-System wps_shop.cgi art Parameter Arbitrary Command Injection", "description": "The remote host is running the WPS Web-Portal-System.\n\nThe version of this software installed on the remote host is\nvulnerable to remote command execution flaw through the argument 'art'\nof the script 'wps_shop.cgi'. A malicious user could exploit this\nflaw to execute arbitrary commands on the remote host.", "published": "2005-07-27T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/19306", "reporter": "This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.", "references": ["https://www.securityfocus.com/archive/1/405100"], "cvelist": ["CVE-2005-2290"], "type": "nessus", "lastseen": "2021-01-01T07:01:06", "edition": 24, "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-2290"]}, {"type": "osvdb", "idList": ["OSVDB:17881"]}], "modified": "2021-01-01T07:01:06", "rev": 2}, "score": {"value": 7.7, "vector": "NONE", "modified": "2021-01-01T07:01:06", "rev": 2}, "vulnersScore": 7.7}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(19306);\n script_version(\"1.13\");\n script_cve_id(\"CVE-2005-2290\");\n script_bugtraq_id(14245);\n \n script_name(english:\"WPS Web-Portal-System wps_shop.cgi art Parameter Arbitrary Command Injection\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a CGI script that is prone to arbitrary\ncommand execution.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running the WPS Web-Portal-System.\n\nThe version of this software installed on the remote host is\nvulnerable to remote command execution flaw through the argument 'art'\nof the script 'wps_shop.cgi'. A malicious user could exploit this\nflaw to execute arbitrary commands on the remote host.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/405100\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Disable or delete this script.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/07/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/07/13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:19\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_summary(english:\"Checks for WPS wps_shop.cgi remote command execution flaw\");\n script_category(ACT_ATTACK);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CGI abuses\");\n\n script_dependencie(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nhttp_check_remote_code (\n\t\t\textra_dirs:make_list(\"/cgi-bin/wps\"),\n\t\t\tcheck_request:\"/wps_shop.cgi?action=showartikel&cat=nessus&catname=nessus&art=|id|\",\n\t\t\textra_check:\"<small> WPS v\\.[0-9]+\\.[0-9]+\\.[0-9]+</a><small>\",\n\t\t\tcheck_result:\"uid=[0-9]+.*gid=[0-9]+.*\",\n\t\t\tcommand:\"id\"\n\t\t\t);\n", "naslFamily": "CGI abuses", "pluginID": "19306", "cpe": [], "scheme": null}

{"cve": [{"lastseen": "2020-10-03T11:34:55", "description": "wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables.", "edition": 2, "cvss3": {}, "published": "2005-07-18T04:00:00", "title": "CVE-2005-2290", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2290"], "modified": "2016-10-18T03:26:00", "cpe": [], "id": "CVE-2005-2290", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2290", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}], "osvdb": [{"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "cvelist": ["CVE-2005-2290"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.web-site-engineering.de/\nSecurity Tracker: 1014480\n[Secunia Advisory ID:15780](https://secuniaresearch.flexerasoftware.com/advisories/15780/)\nOther Advisory URL: http://www.securiteam.com/unixfocus/5BP0Q00GBG.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0209.html\n[CVE-2005-2290](https://vulners.com/cve/CVE-2005-2290)\n", "modified": "2005-07-13T08:21:51", "published": "2005-07-13T08:21:51", "href": "https://vulners.com/osvdb/OSVDB:17881", "id": "OSVDB:17881", "type": "osvdb", "title": "WPS Web-Portal-System wps_shop.cgi art Parameter Arbitrary Command Injection", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}