WoW.Roster.subdir.Parameter.Handling.File.Inclusion
Description
This indicates an attempt to exploit a PHP remote File Inclusion vulnerability in WoWRoster (aka World of Warcraft Roster).
The vulnerability in "conf.php" may allow remote attackers to execute arbitrary PHP code via a URL in the "subdir" parameter.
Affected Products
WoW Roster WoW Roster 1.5.1
WoW Roster WoW Roster 1.5
Impact
System Compromise: Arbitrary PHP code execution.
Recommended Actions
Currently we are not aware of any official vendor supplied patch for this issue.
WoWRoster Web site: http://www.wowroster.net/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-07-12 | 14.648 | Sig Added |