| Reporter | Title | Published | Views | Family All 35 |
|---|---|---|---|---|
| WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities | 30 Nov 201100:00 | – | zdt | |
| CVE-2011-4448 | 5 Sep 201220:00 | – | cve | |
| CVE-2012-0993 | 21 Feb 201200:00 | – | cve | |
| CVE-2012-0995 | 21 Feb 201200:00 | – | cve | |
| CVE-2011-4448 | 5 Sep 201220:00 | – | cvelist | |
| CVE-2012-0993 | 21 Feb 201200:00 | – | cvelist | |
| CVE-2012-0995 | 21 Feb 201200:00 | – | cvelist | |
| Zenphoto 1.4.2 RCE | 31 Mar 201200:00 | – | dsquare | |
| WikkaWiki 1.3.2 - Multiple Vulnerabilities | 30 Nov 201100:00 | – | exploitdb | |
| EUVD-2011-4377 | 7 Oct 202500:30 | – | euvd |
| Source | Link |
|---|---|
| zenphoto | www.zenphoto.org/news/zenphoto-1.4.2.1 |
| htbridge | www.htbridge.ch/advisory/HTB23070 |
| securityfocus | www.securityfocus.com/bid/51916 |
# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.103412");
script_version("2023-12-13T05:05:23+0000");
script_tag(name:"last_modification", value:"2023-12-13 05:05:23 +0000 (Wed, 13 Dec 2023)");
script_tag(name:"creation_date", value:"2012-02-09 12:57:10 +0100 (Thu, 09 Feb 2012)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_cve_id("CVE-2011-4448", "CVE-2012-0993", "CVE-2012-0995");
script_tag(name:"qod_type", value:"remote_analysis");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Zenphoto <= 1.4.2 Multiple Vulnerabilities - Active Check");
script_category(ACT_ATTACK);
script_copyright("Copyright (C) 2012 Greenbone AG");
script_family("Web application abuses");
script_dependencies("find_service.nasl", "no404.nasl", "webmirror.nasl", "DDI_Directory_Scanner.nasl", "gb_php_http_detect.nasl", "global_settings.nasl");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
script_tag(name:"summary", value:"Zenphoto is prone to multiple cross-site scripting (XSS)
vulnerabilities, an SQL injection (SQLi) vulnerability, and a PHP code injection vulnerability.");
script_tag(name:"vuldetect", value:"Sends a crafted HTTP GET request and checks the response.");
script_tag(name:"impact", value:"An attacker can exploit the cross-site scripting issues to
execute arbitrary script code in the browser of an unsuspecting user in the context of the
affected site. This may allow the attacker to steal cookie-based authentication credentials. The
PHP code injection can be exploited to inject and execute arbitrary malicious PHP code in the
context of the webserver process.
An attacker may be able to modify the logic of SQL queries. A successful exploit may allow the
attacker to compromise the software, retrieve information, or modify data, other consequences
are possible as well.");
script_tag(name:"affected", value:"Zenphoto version 1.4.2 and probably prior.");
script_tag(name:"solution", value:"See the references for a solution.");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/51916");
script_xref(name:"URL", value:"http://www.zenphoto.org/news/zenphoto-1.4.2.1");
script_xref(name:"URL", value:"https://www.htbridge.ch/advisory/HTB23070");
exit(0);
}
include("http_func.inc");
include("http_keepalive.inc");
include("list_array_func.inc");
include("port_service_func.inc");
port = http_get_port( default:80 );
if( ! http_can_host_php( port:port ) )
exit( 0 );
foreach dir( make_list_unique( "/zenphoto", http_cgi_dirs( port:port ) ) ) {
if( dir == "/" )
dir = "";
res = http_get_cache( port:port, item:dir + "/zp-core/admin.php" );
if( ! res || res !~ "^HTTP/1\.[01] 200" || "zen-logo.png" >!< res )
continue;
url = dir + "/zp-core/admin.php?a="><script>alert(/xss-test/)</script>";
if( http_vuln_check( port:port, url:url, pattern:"<script>alert\(/xss-test/\)</script>", check_header:TRUE,
extra_check:"zen-logo.png" ) ) {
report = http_report_vuln_url( port:port, url:url );
security_message( port:port, data:report );
exit( 0 );
}
}
exit( 99 );
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation