PHPSecurePages.CfpProgDir.File.Inclusion
Description
This indicates a possible exploit of a file inclusion vulnerability in phpSecurePages.
phpSecurePages is a password protection tool for PHP web servers. A reported vulnerability in it may allow an attacker to execute arbitrary PHP code on the vulnerable server. The phpSecurePages/secure.php script fails to sanitize the value passed to the cfgProgDir variable in a request. To exploit this, an attacker may convince a victim to click a malicious URL link that includes and executes arbitrary files from external and local resources. Successful exploitation requires that "register_globals" is enabled.
Affected Products
phpSecurePages 0.28 beta.
Impact
Compromise of the affected system.
Recommended Actions
Apply the appropriate patch from the vendor, if available, or upgrade to a non-vulnerable version.
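While a patch is pending, web server access logs can be checked for requests that supply cfgProgDir to secure.php, which is the condition described above. The following is an added example, not code from the vendor or from the signature itself; it assumes combined-format access logs, the function names are hypothetical, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*://")
PARAM = "cfgProgDir"  # PHP variable names are case-sensitive

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /phpSecurePages/secure.php HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /phpSecurePages/secure.php?cfgProgDir=http://files.invalid/ HTTP/1.1" 200 94',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /phpSecurePages/secure.php?cfgProgDir=..%2F..%2Ftmp%2F HTTP/1.1" 200 88',
    '198.51.100.3 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?cfgProgDir=x HTTP/1.1" 200 100',
    '198.51.100.3 - - [01/Jan/2024:10:01:02 +0000] "GET /phpSecurePages/secure.php?CFGPROGDIR=x HTTP/1.1" 200 100',
]

def inspect_line(line):
    """Return None for unrelated lines, else 'remote-include' or 'local-include'."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.lower().endswith("/secure.php"):
        return None
    # parse_qsl percent-decodes values, so encoded slashes and schemes are seen.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        # With register_globals, cfgProgDir[...] also populates the variable.
        if key == PARAM or key.startswith(PARAM + "["):
            return "remote-include" if SCHEME_RE.match(value) else "local-include"
    return None

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, 1):
        verdict = inspect_line(line)
        if verdict:
            hits.append((number, verdict))
    return hits

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}")
```

Access logs record only the query string, so values sent in a POST body or cookie, which register_globals also maps to variables, are not covered by this check.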
Coverage
IPS (Regular DB)
IPS (Extended DB)