This application requires Javascript for optimal performance.

SaveWeb.Portal.File.Inclusion

Release Date

Feb 09, 2007

Severity

high

Impact

Arbitrary PHP code execution.

Description

A PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php.

Affected Products

circeOS SaveWebPortal 3.4

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2005-2687

Reference/s

http://www.securityfocus.com/bid/19306 (BugTraq)

Reference: VID-14090