WoW.Roster.subdir.Parameter.Handling.File
Description
PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka World of Warcraft Roster) 1.5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter.
Affected Products
WoW Roster WoW Roster 1.5.1
WoW Roster WoW Roster 1.5
Impact
Arbitrary PHP code execution
Recommended Actions
Currently we are not aware of any official vendor-supplied patches for these issues.
WoWRoster Web site: http://www.wowroster.net/.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |