AnyInventory.Environment.PHP.File.Inclusion

description-logoDescription

AnyInventory has a remote file inclusion vulnerability. A remote attacker can execute arbitrary scripts on the web server with the privileges of the server. This can be accomplished via a specially crafted URL request to 'environment.php', using the 'DIR_PREFIX' parameter to specify a malicious PHP file from a remote system.

affected-products-logoAffected Products

anyInventory anyInventory 1.9.1
anyInventory anyInventory 2.0

Impact logoImpact

System compromise: remote script execution.

recomended-action-logoRecommended Actions

Currently we are not aware of any official update for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)