• News ▼
      • netVigilance News
      • Media Coverage
      • Press Releases
      • Events
  • Support ▼
      • Report a bug
      • Security Advisories
      • Service Level Agreement (SLA)
      • Software Updates
      • Free Scanner Downloads
      • FAQ
  • Corporate ▼
      • About
      • Management
      • Careers
      • Press Releases
  • Contact Us   ►        
Search
  • PCI

      • PCI

      • netVigilance PCI Scan - Cloud
      • netVigilance Total Coverage with PCI
      • netVigilance External Scan with PCI
  • Products

      • Products

      • netVigilance Total Coverage
      • netVigilance Total Coverage with PCI
      • netVigilance PCI Scan - Cloud
      • netVigilance WebScan - Cloud
      • netVigilance External Scan - Cloud
      • netVigilance Internal Scan - Windows
      • netVigilance Internal Scan - Cloud
      • netVigilance Internal Scan - Enterprise
      • netVigilance Scan - Service Provider
      • netVigilance Closed Loop Remediation Option
  • Partners

      • Partners

      • Authorized Partners
      • Reselling PCI
      • Become a Partner
      • Integration Partners
  • Resources

      • Literature

      • Case Stories
      • Testimonials
      • Fact Sheets (Datasheets)
      • White Papers
      • FAQ
      • PassPCI wiki

      • Compliance

      • Sarbanes-Oxley
      • HIPAA
      • CVSS
      • PCI

      • News

      • netVigilance News (Scoutnews)
      • Media Coverage
      • Press Releases

      • Security and Support Centre

      • Report a bug
      • Security Advisories
      • Service Level Agreement (SLA)
      • Software Updates
      • Free Scanner Downloads

      • Archive

      • Past Press Releases
  • Compliance

      • Compliance

      • Sarbanes-Oxley
      • HIPAA
      • CVSS
      • PCI
  • Case Stories

      • Case Stories

      • Testimonials
  • Buy Now

 

 

 

 

 

CVE Logo

 

 

 

Best Security Research

 »  netVigilance is an active contributor to nvd.nist.gov
 
 » Every vulnerability in our database is independently scored according to CVSS 2.0
 
 » Our Scoring is compared to nvd.nist.gov and inconsistencies are reported to the NVD team at NIST
 
 »

netVigilance is responsible for more than 400 changes to the National Vulnerability Database - more than anyone else.
 

 » Our Professional Services team will validate any vulnerability Scoring for you.
 
netVigilance Security Advisory
 
 
 
WSPortal version 1.0 Path Disclosure Vulnerability
 
 
Home » Security Advisory 32 - CVE-2007-3127
*

Fact: More than 15 vulnerabilities were discovered EVERY day of 2009

Description:

WSPortal is a site management system coded in PHP/MySQL. It is capable of adding pages, adding news to pages, adding images to news articles, alerting the site or a specific ip address, private messaging system between administrators.

Successful exploitation requires PHP magic_quotes_gpc set to OFF.

External References:
Mitre CVE: CVE-2007-3127
NVD NIST: CVE-2007-3127
OSVDB: 34164


Summary:
WSPortal is a site management system coded in PHP/MySQL.
Security problem in the product allows attackers to gather the true path of the server-side script.

Release Date:
June 17 2007

Severity:
Risk: Low

CVSS Metrics:
Access Vector: Remote
Access Complexity: Low
Authentication: Not-required
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
Impact Bias: Normal
CVSS Base Score: 2.3

Target Distribution on Internet: Low

Exploitability: Functional Exploit
Remediation Level: Workaround
Report Confidence: Uncorroborated

Vulnerability Impact: Attack
Host Impact: Path disclosure.

SecureScout Testcase ID:
TC 17962

Vulnerable Systems:
WSPortal version 1.0

Vulnerability Type:
Program flaws - The product scripts have flaws which lead to Warnings or even Fatal Errors.

Vendor:
Chris Harvey

Vendor Status:
The Vendor has been notified several times on many different email addresses last on 6 June 2007. The Vendor has not responded. There is no official fix at the release of this Security Advisory.

Workaround:
Set display_errors = Off (php.ini file) or set magic_quotes_gpc = On (php.ini file).

Example:

REQUEST:
http://[TARGET]/[WSPORTAL-DIRECTORY]/content.php?page=';

REPLY:
<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>[DISCLOSED PATH][WSPORTAL-DIRECTORY]\content.php</b> on line <b>67</b><br /> <b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>[DISCLOSED PATH][WSPORTAL-DIRECTORY]\content.php</b> on line <b>76</b><br />



Credits:
Jesper Jurcenoks
Co-founder netVigilance, Inc
www.netvigilance.com


back to Security Advisories 
 

Copyright©2004-2011,  netVigilance, Inc.   All rights reserved  • Privacy Policy

netVigilance©