N/X WCMS 4.1 File Inclusion Vulnerabilities

2010-04-28 / 2010-04-29

Credit: eidelweiss

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-5625

CWE: CWE-94

CVSS Base Score: 5.1/10

Impact Subscore: 6.4/10

Exploitability Subscore: 4.9/10

Exploit range: Remote

Attack complexity: High

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

Description
Some vulnerabilities have been discovered in N/X WCMS, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "c[path]" parameter in wwwdev/nxheader.inc.php, cms/api/xml/lib.inc.php, cms/api/parser/lib.inc.php, cms/api/cms/lib.inc.php, and www/nxheader.inc.php (version 4.5.0.85) is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Successful exploitation requires that "register_globals" is enabled.

NOTE: Other scripts may also be affected.

The vulnerabilities are confirmed in versions 4.1 and 4.5.0.85. Other versions may also be affected.

Solution
Edit the source code to ensure that input is properly verified or disable "register_globals".

References:

http://www.securityfocus.com/bid/20773

http://www.milw0rm.com/exploits/2659

http://www.frsirt.com/english/advisories/2006/4227

http://secunia.com/advisories/22627

http://milw0rm.com/exploits/2659

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

N/X WCMS 4.1 File Inclusion Vulnerabilities

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.