Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> PAJAX < 0.5.2 Multiple Vulnerabilities


Vulnerability Assessment Details

PAJAX < 0.5.2 Multiple Vulnerabilities

Vulnerability Assessment Summary
Tries to execute code using PAJAX

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains a PHP script that is susceptible to
multiple issues.

Description :

The remote host is running PAJAX, a PHP library for remote
asynchronous objects in Javascript.

The version of PAJAX installed on the remote host fails to validate
input to the 'pajax/pajax_call_dispatcher.php' script before using it
in a PHP 'eval()' function. An unauthenticated attacker can exploit
this flaw to execute arbitrary command on the remote host subject to
the rights of the web server user id.

In addition, the application also reportedly fails to validate input
to classnames before using it in a PHP 'require()' function in
'Pajax.class.php', which permits for local file include attacks.

See also :

http://www.redteam-pentesting.de/advisories/rt-sa-2006-001.txt
http://www.auberger.com/pajax/3/

Solution :

Upgrade to PAJAX version 0.5.2 or later.

Network Security Threat Level:

High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)

Networks Security ID: 17519

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security

Cables, Connectors


** Intel i3 10100F CPU Processor - USED  ** picture

** Intel i3 10100F CPU Processor - USED **

$47.99



Intel - Core i9-14900K 14th Gen 24-Core 32-Thread - 4.4GHz (6.0GHz Turbo) Soc... picture

Intel - Core i9-14900K 14th Gen 24-Core 32-Thread - 4.4GHz (6.0GHz Turbo) Soc...

$533.99



Intel - Core i7-14700K 14th Gen 20-Core 28-Thread - 4.3GHz (5.6GHz Turbo) Soc... picture

Intel - Core i7-14700K 14th Gen 20-Core 28-Thread - 4.3GHz (5.6GHz Turbo) Soc...

$373.99



Dell Intel® Xeon® Processor E5-2698 v4 Lightly Used picture

Dell Intel® Xeon® Processor E5-2698 v4 Lightly Used

$64.00



AMD Ryzen 7 7800X3D Processor (5 GHz, 8 Cores, Socket AM5), New /Sealed  picture

AMD Ryzen 7 7800X3D Processor (5 GHz, 8 Cores, Socket AM5), New /Sealed

$309.99



Intel Core i7-14700K Processor (5.5 GHz, 20 Cores, LGA 1700) BX8071514700K, OEM picture

Intel Core i7-14700K Processor (5.5 GHz, 20 Cores, LGA 1700) BX8071514700K, OEM

$339.99



Intel Core I7-4770 CPU Processor 3.40 GHz Quad Core Haswell SR149 LGA 1150... picture

Intel Core I7-4770 CPU Processor 3.40 GHz Quad Core Haswell SR149 LGA 1150...

$30.99



AMD Ryzen 5 7600x Processor (5.3 GHz, 6 Cores, LGA 1718/Socket AM5) NEW OEM Tray picture

AMD Ryzen 5 7600x Processor (5.3 GHz, 6 Cores, LGA 1718/Socket AM5) NEW OEM Tray

$169.98



Intel Xeon E5-2697 v4 2.3GHz 18-Core Processor CPU LGA2011 SR2JV picture

Intel Xeon E5-2697 v4 2.3GHz 18-Core Processor CPU LGA2011 SR2JV

$49.99



Intel Core i7-14700 2.1 GHz turbo  5.40 20-Core LGA1700 Processor 33MB 28  ++ picture

Intel Core i7-14700 2.1 GHz turbo 5.40 20-Core LGA1700 Processor 33MB 28 ++

$300.00



Discussions

No Discussions have been posted on this vulnerability.