Intrusion Prevention



OPENi CMS Plugin has a remote file-include vulnerability. A remote attacker could execute arbitrary scripts on the web server with the privileges of the server via a specially-crafted URL request to the 'open-admin/plugins/site_protection/index.php' script, by using the 'config[oi_dir]' or 'config[openi_dir]' parameter to specify a malicious PHP file from a remote system.

Affected Products

Seitenschutz (plugin for OPENi-CMS) version 1.0 and prior.


Gain Access.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

CVE References