Pheap.Edit.PHP.Filename.Parameter.Directory.Traversal
Description
This indicates an attack attempt against a directory-traversal vulnerability in the Pheap CMS web application.
A vulnerability has been reported in the Pheap CMS web application that may allow an attacker to read arbitrary files on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "filename" parameter value. An attacker may read and modify arbitrary files by sending a crafted HTTP request.
Affected Products
Pheap Pheap 2.0
Pheap Pheap 1.3
Pheap Pheap 1.1
Pheap Pheap 1.0
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Currently we are not aware of any officially supplied patch for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |