CVE-2005-1222 - Remote Security vulnerability in Netref 4.2
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the ad_direct parameter to reference cat_for_gen.php, then including the code in the m_for_racine parameter, which is then written to cat_for_gen.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | CGI abuses |
NASL id | NETREF_CAT_FOR_GEN.NASL |
description | The remote host is running the Netref directory script, written in PHP. There is a vulnerability in the installed version of Netref that enables a remote attacker to pass arbitrary PHP script code through the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18358 |
published | 2005-05-23 |
reporter | Copyright (C) 2005-2018 Josh Zlatin-Amishav |
source | https://www.tenable.com/plugins/nessus/18358 |
title | Netref cat_for_gen.php Arbitrary PHP Command Injection |