Vulnerabilities > CVE-2005-1312 - Remote File Include vulnerability in Yappa-NG

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

nessus

NVD

Published: 2005-04-24

Updated: 2008-09-05

Summary

PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 allows remote attackers to execute arbitrary PHP code via unknown vectors.

Part	Description	Count
Application	Yappa-Ng Yappa NG Yappa NG 0.9 Yappa NG Yappa NG 1.0 Yappa NG Yappa NG 1.1 Yappa NG Yappa NG 1.2 Yappa NG Yappa NG 1.3 Yappa NG Yappa NG 1.4 Yappa NG Yappa NG 1.5 Yappa NG Yappa NG 1.6 Yappa NG Yappa NG 2.0.0 Yappa NG Yappa NG 2.0.1 Yappa NG Yappa NG 2.1.0 Yappa NG Yappa NG 2.2.0 Yappa NG Yappa NG 2.2.1 Yappa NG Yappa NG 2.2.2 Yappa NG Yappa NG 2.3.0 Yappa NG Yappa NG 2.3.1	16

NASL family	CGI abuses
NASL id	YAPPA_NG_2_3_2.NASL
description	The version of yappa-ng installed on the remote host is prone to multiple file include and cross-site scripting vulnerabilities due to its failure to sanitize user-supplied script input when calling various include scripts directly. By exploiting the file include vulnerabilities, an attacker can read arbitrary files on the remote host and possibly even run arbitrary code, subject to the privileges of the web server process. And by exploiting the cross-site scripting vulnerabilities, he can cause arbitrary script and HTML code to be run in a user
last seen	2020-06-01
modified	2020-06-02
plugin id	18150
published	2005-04-27
reporter	This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/18150
title	yappa-ng < 2.3.2 Multiple Vulnerabilities