Intrusion Prevention

PHP.eyeOS.SESSION.Array.Code.Execution

Description

This indicates a possible attempt to exploit a PHP code execution vulnerability in eyeOS, a web-based operating system. The vulnerability may allow a remote attacker to execute arbitrary PHP code on the vulnerable system. The flaw is due to an error in the "desktop.php" script, which fails to properly initialize the "_SESSION" array; remote attackers could exploit this to inject and execute arbitrary PHP code with the privileges of the web server.

Affected Products

eyeOS version 0.8.9 and prior

Impact

Compromise of the system.

Recommended Actions

Upgrade to eyeOS version 0.8.10; see reference.