NASLDB: Maia Mailguard login.php lang Parameter Local File Inclusion
General
ID: 25673
Name: Maia Mailguard login.php lang Parameter Local File Inclusion
Summary: Tries to read a local file with Maia Mailguard
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C
Port: 80
Family: CGI abuses
Type: Remote
Description
The remote host is running Maia Mailguard, a spam and virus management
system written in PHP.
The version of Maia Mailguard installed on the remote host fails to
sanitize user input to the ‘lang’ parameter before using it to include
PHP code in ‘login.php’. Regardless of PHP’s ‘register_globals’
setting, an unauthenticated, remote attacker may be able to exploit
this issue to view arbitrary files or to execute arbitrary PHP code on
the remote host, subject to the privileges of the web server user id.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2007-3619
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2007/07/06
Patch Release: –
Plugin Release: 2007/07/06
Plugin
Version: 1.13
Filename: mailguard_lang_file_include.nasl
Filesize: 4029 bytes
MD5 Hash: cc5dde08a83d495ce25fe19740d09ef7
Identification: –
Require Keys: www/PHP
Dependencies: "http_version.nasl"
Copyright: This script is Copyright© 2007-2011 Tenable Network Security, Inc.
- Letzte Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack