#############################################################################
#
#  CuteNews template files file include Vulnerability
#
#  Copyright: OS2A and its member companies
#
#  Date Written: 2005/08/25
#
#  $Revision: 1.2 $
#
#  $Log: os2a_cutenews_template_600297.nasl,v $
#  Revision 1.2  2007/01/29 09:01:08  ajagadeesh
#  --Changed Risk factor
#
#  Revision 1.1  2005/08/26 09:59:51  bchandra
#  Issue #698
#
#  Revision 1.3  2005/08/26 08:24:41  schandan
#  Issue #698
#  Changes made in regular expression.
#
#  Revision 1.2  2005/08/26 05:34:44  nrnandini
#  1.Some formatting changes are made.
#  2.exit(0) is removed at the end of the code.
#
#  issue #698
#
#  Revision 1.1  2005/08/25 08:30:11  schandan
#  Issue #698
#
#
# ------------------------------------------------------------------------
# This program was written by OS2A and/or its member companies and is
# licensed under the GNU GPL license. Please see below for details. This
# header contains information regarding licensing terms under the GPL, and
# information regarding obtaining source code from the Author. Consequently,
# pursuant to section 3(c) of the GPL, you must accompany the information
# found in this header with any distribution you make of this Program.
# ------------------------------------------------------------------------
##############################################################################

#
# Registration phase: when the scanner loads the plugin with `description`
# set, only the metadata below is recorded and the script exits before any
# check logic runs.
#
if (description)
{
  script_id(600297);

  # "CAN-" is the older candidate prefix; the same entry is catalogued
  # today as CVE-2005-1876.
  script_cve_id("CAN-2005-1876");

  script_copyright(english:"Copyright (C) 2005 OS2A");
  script_version("$Revision: 1.2 $");

  # ACT_GATHER_INFO: the plugin is registered as an information-gathering
  # check, not as an attack or destructive test.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_name(english:"CuteNews template files file include Vulnerability");
  script_summary(english:"Check for vulnerable version of CuteNews");

  # NOTE(review): the Overview describes code injected into a '.tpl'
  # template by an authenticated administrator, while the Impact paragraph
  # describes pulling in a file from a remote system. Confirm against the
  # referenced advisories which wording is accurate. Either way the text
  # states that administrative access is a precondition, which is relevant
  # when triaging a finding from this plugin.
  report_text = " Overview: Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template '.tpl' file. Impact: A remote attacker who has been authenticated as an administrator could send a specially-crafted URL request to specify a malicious file from a remote system which would allow the attacker to execute arbitrary PHP code on the vulnerable system. Affected Software: CuteNews 1.3.6 and prior versions. Affected Platform: Any system running the affected software. Solution: No vendor patch available. References: http://secunia.com/advisories/15594 http://xforce.iss.net/xforce/xfdb/20866 Risk factor : Medium";
  script_description(english:report_text);

  # The version string consumed below is read from the knowledge base;
  # presumably it is written by os2a_cutenews_version_600295.nasl, which is
  # declared as a dependency here - verify in that plugin.
  script_dependencies("http_version.nasl", "os2a_cutenews_version_600295.nasl");
  script_require_keys("CuteNews/Version");
  script_require_ports("Services/www", 80);

  exit(0);
}

#
# Check phase.
#
# The verdict is based solely on the version string stored in the knowledge
# base; nothing below requests a page or exercises the template editor. A
# finding therefore means "version string is in the affected range", not
# "exploitation confirmed", so locally patched installs can still be flagged.
#
include("http_func.inc");

port = get_http_port(default:80);
if (!port)
  exit(0);

# The KB key carries no port component, so the warning is attached to
# whichever web port get_http_port() returned. NOTE(review): on hosts with
# several web servers this may not be the port that serves CuteNews.
installed_version = get_kb_item("CuteNews/Version");

# Affected range encoded by the pattern (alternatives, after "CuteNews v"):
#   0\..*                 any 0.x release
#   1\.[0-2](\..*)?       1.0 - 1.2, with or without further components
#   1\.3(\.[0-6])?$       1.3 or 1.3.0 - 1.3.6 at the end of the string
#   1\.3\.[0-6]\.         1.3.0 - 1.3.6 followed by another dotted component
# Only the third alternative is anchored with '$'. NOTE(review): if the KB
# value ever carries trailing text after a 1.3.x version, that alternative
# will not match - confirm the exact format the version plugin stores.
affected_re = "CuteNews v(0\..*|1\.([0-2](\..*)?|3(\.[0-6])?$|3\.[0-6]\.))";

if (egrep(pattern:affected_re, string:installed_version))
  security_warning(port);