ID 14240
Created Mar 02, 2007
Updated Feb 01, 2019
Severity dark-circle dark-circle dark-circle dark-circle dark-circle
Coverage switch-off-logo IPS (Regular DB)
switch-off-logo IPS (Extended DB)
Default Action pass
Active switch-off-logo
Affected OS Windows, Linux, BSD, Solaris, MacOS
Affected App PHP_app

Legend

Active/Available switch-on-logo
InActive/Not Available switch-off-logo

Update History

Date Version Detail
2019-02-05 14.542

Threat Encyclopedia

SiteAssistant.Menu.PHP.File.Inclusion

description-logoDescription

Site-Assistant has a remote file-include vulnerability. A remote attacker could execute arbitrary scripts on the web server with the privileges of the server via a specially-crafted URL request to the 'classes/menu.php' script, by using the 'paths[version]' parameter to specify a malicious PHP file from a remote system.

affected-products-logoAffected Products

Site-Assistant version 0990 and prior.

Impact logoImpact

Gain Access.

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://forum.site-assistant.net/

CVE References

CVE-2007-0867

Telemetry logoTelemetry