Release DateSep 07, 2007 |
Severitylow |
ImpactSystem compromise, remote script execution. |
DescriptionPhp Blue Dragon CMS has a remote file inclusion vulnerability. A remote attacker could execute arbitrary scripts on a web server with the privileges of the server via a specially crafted URL request to the 'public_includes/pub_blocks/activecontent.php' script, by using the 'vsDragonRootPath' parameter to specify a malicious PHP file from a remote system. |
Affected ProductsPhp Blue Dragon CMS version 3.0.0 and prior. |
Recommended ActionsCurrently we are not aware of any official fix for this issue. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-4313 |
Reference/shttp://www.securityfocus.com/bid/25264 (BugTraq) |
