Release DateNov 03, 2011 |
Severityhigh |
ImpactSystem Compromise: Arbitrary PHP code execution. |
DescriptionThis indicates an attempt to exploit a PHP remote File Inclusion vulnerability in WoWRoster (aka World of Warcraft Roster).The vulnerability in "conf.php" may allow remote attackers to execute arbitrary PHP code via a URL in the "subdir" parameter. |
Affected ProductsWoW Roster WoW Roster 1.5.1WoW Roster WoW Roster 1.5 |
Recommended ActionsCurrently we are not aware of any official vendor supplied patch for this issue.WoWRoster Web site: http://www.wowroster.net/ |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2006-3998 |
Reference/shttp://www.frsirt.com/english/advisories/2006/3094 (FrSIRT) |
