Intrusion Prevention

Log1.CMS.WriteInfo.PHP.Code.Injection

Description

This indicates an attack attempt against an Security Bypass vulnerability in appRain CMF.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling HTTP requests. A remote attacker may be able to exploit this to execute arbitrary script code within the context of the application.

Affected Products

Log1CMS Log1CMS 2.0

Impact

Security Bypass: Remote attackers can bypass security checking of vulnerable systems.
System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version available from the website.
http://log1cms.sourceforge.net/

CVE References

CVE-2011-4825