Release DateNov 25, 2011 |
Severitymedium |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems |
DescriptionThis indicates an attack attempt to exploit a File Inclusion vulnerability in Graphiks GrapAgenda.The vulnerability is due to insufficient sanitizing of user supplied inputs. A remote attacker can include arbitrary files and execute it within the context of the application. A remote attacker could execute arbitrary scripts on the web server, with the privileges of the server. This can be accomplished via a specially crafted URL request to the 'index.php' script, using the 'page' parameter to specify a malicious PHP file from a remote system. |
Affected ProductsGrapAgenda version 0.1 and prior |
Recommended ActionsCurrently we are not aware of any vendor supplied patches for this issue. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2006-4610 |
Reference/shttp://www.securityfocus.com/bid/19857 (BugTraq) |
