CGI.WpsShop.Remote.Command.Execution
Description
It indicates a possible exploit of remote file include vulnerability in WPS Web-Portal-System.
A remote file include vulnerability is reported in WPS Web-Portal-System that may allow an attacker to execute arbitrary server side script code on the affected system with privilege of web server process. Due to insufficient sanitization of art parameter by "wps_shop.cgi" script before being used in an "open()" call an attacker can inject arbitrary shell commands via the "|" character.
Affected Products
WPS 0.7 and earlier versions.
Impact
Compromise of the affected system.
Recommended Actions
Apply appropriate patch from the vendor if available.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |