phpBG.Rootdir.Parameter.File.Inclusion
Description
This indicates an attempt to exploit one of several remote file inclusion vulnerabilities in phpBG.
The vulnerabilities can be exploited via a specially crafted URL request to 'intern/admin/other/backup.php', 'intern/admin/', 'intern/clan/member_add.php', 'intern/config/key_2.php' or 'intern/config/forum.php'. The request must have the 'set_depth' parameter set to specify a malicious PHP file from a remote system. As a result a remote attacker can execute arbitrary script code on the web server with the privileges of the server.
Affected Products
phpBG version 0.9.1
Impact
System Compromise: remote attackers can gain control of vulnerable systems.
Recommended Actions
Currently we are not aware of any vendor supplied patch for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |