Aardvark.Topsites.PHP.Remote.Command.Execution
Description
It indicates a possible exploit of a PHP remote file inclusion vulnerability in Aardvark Topsites PHP.
This flaw is due to an input validation error in the "sources/lostpw.php" script that does not validate the "CONFIG[path]" parameter.
Affected Products
Aardvark Topsites PHP Aardvark Topsites PHP 4.2.2
Aardvark Topsites PHP Aardvark Topsites PHP 4.1.1
Aardvark Topsites PHP Aardvark Topsites PHP 4.1
Impact
The execution of arbitrary PHP code on the system.
Recommended Actions
Upgrade to Aardvark Topsites PHP version 5.0.2 :
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-12-13 | 15.744 | Sig Added |