Release DateAug 02, 2007 |
Severitylow |
ImpactSystem compromise, remote script execution. |
DescriptionValerio Capello Dagger has a remote file include vulnerability. A remote attacker could execute arbitrary script code on the web server with the privileges of the server. This can be done by sending a specially crafted URL request to the 'cal.func.php' script, using the 'dir_edge_lang' parameter to specify a malicious PHP file from a remote system. |
Affected ProductsDagger r23jan2007 and prior. |
Recommended ActionsCurrently we are not aware of any official fix for this issue. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-3431 |
Reference/shttp://www.securityfocus.com/bid/24605 (BugTraq) |
