BASE base_qry_common.php file include

Added: 06/23/2006
CVE: CVE-2006-2685
BID: 18298
OSVDB: 25770


Snort is an open-source intrusion detection system. The Basic Analysis and Security Engine (BASE) is a web interface for analyzing Snort results.


If the register_globals PHP option is enabled, the base_qry_common.php script can be used to include arbitrary files under the directory specified by the BASE_path parameter. This could lead to execution of local or remote PHP code.


Upgrade to BASE 1.2.5 or higher.



In order for this exploit to succeed, the register_globals option must be enabled in the PHP configuration, and the Apache log file must exist in a common location.
Back to exploit index