Intrusion Prevention

ISPConfig.Session.INC.PHP.Remote.File.Inclusion

Description

It indicates a possible exploit of a file inclusion vulnerability in SPConfig that may allow remote attackers to execute arbitrary PHP code via a URL in the go_info[server][classes_root] parameter.

Affected Products

ISPConfig ISPConfig 2.2.3
ISPConfig ISPConfig 2.2.2

Impact

Compromise of the affected system.

Recommended Actions

The vendor reports that this issue is not exploitable on default configurations of the application, because the vulnerable file is not in the web root. However, the vendor has released an advisory to address this issue for situations where the vulnerable file is accessible remotely.

CVE References

CVE-2006-2315