Summary
This host is running Campsite and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow an attacker to execute arbitrary local files and to conduct cross-site scripting (XSS), directory traversal and remote file injection attacks against the affected application.
Impact Level: Application
Solution
Upgrade to Campsite version 3.3.6 or later.
For updates, refer to http://campware.org/
Insight
The flaws are due to:
- Input validation errors in the 'admin-files', 'conf/liveuser_configuration.php', 'include/phorum_load.php' scripts when processing the 'g_campsiteDir' parameter.
- An input validation error in the 'admin-files/templates/list_dir.php' script when processing the 'listbasedir' parameter.
Affected
Campware, Campsite version 3.3.0 RC1 and prior
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2009-2181, CVE-2009-2182, CVE-2009-2183
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P