| VID |
21857 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
A version of Owl Intranet Engine which is older than version 0.74 is detected as installed on the host. Owl Intranet Engine is a multi-user document repository (knowledge base) system written in PHP4 for publishing of files/documents onto the Web. Owl Intranet Engine versions 0.73 and earlier are vulnerable to multiple cross-site scripting and SQL injection vulnerabilities which exist in the 'browse.php' script as follows:
1) Input passed to the "expand" and "order" parameters in the "browse.php" script isn't properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.
2) Input passed to the "parent" and "sortposted" parameters in the "browse.php" script is not properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
* Note: This check solely relied on the version number of Owl Intranet Engine on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://archives.neohapsis.com/archives/bugtraq/2004-12/0480.html
http://www.securitytracker.com/alerts/2004/Dec/1012709.html
http://secunia.com/advisories/13695/
* Platforms Affected:
Owl Intranet Engine version 0.73 and earlier versions
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Owl (0.74.0 or later), available from the Owl Download Web site at http://owl.sourceforge.net/modules/Download/ |
| Related URL |
CVE-2005-0264,CVE-2005-0265 (CVE) |
| Related URL |
12114 (SecurityFocus) |
| Related URL |
18704,18705 (ISS) |
|
