Intrusion Prevention

PHP.phpSecurePages.interface.php.Command.Execution

Description

It indicates an attacker attempted to exploit an input validation error in phpSecurePages. A bug in phpSecurePages allows a user to modify the cfgProgPath variable in the interface.php script. A malicious attacker can assign a URL (containing web script) to the cfgProgPath variable which will then be executed by the interface.php script.

Affected Products

phpSecurePages phpSecurePages 0.24 beta and earlier

Impact

Compromise of the affected system.

Recommended Actions

Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.

CVE References

CVE-2001-1468