Release DateMar 14, 2007 |
Severitymedium |
ImpactThe execution of arbitrary PHP code on the system. |
DescriptionIt indicates a possible exploit of a remote file inclusion vulnerability in Aardvark Topsites PHP.A remote attacker could send a specially-crafted URL request to the join.php script, using the CONFIG[path] parameter to specify a malicious PHP file. |
Affected ProductsAardvark Topsites PHP 4.2.2 and earlier. |
Recommended ActionsUpgrade to the latest version of Aardvark Topsites PHP (5.0.2 or later):http://www.aardvarkind.com/ |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2006-7026 |
