PEGames.File.Inclusion

description-logoDescription

index.php in PEGames uses the extract function to overwrite critical variables, which allows remote attackers to conduct PHP remote file inclusion attacks via the abs_url parameter, which is later extracted to overwrite a previously uncontrolled value.

affected-products-logoAffected Products

PEGames PEGames 0

Impact logoImpact

Remote file inclusion.

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)