Intrusion Prevention

PHPartenaire.File.Inclusion

Description

This indicates possible detection of an attempt to exploit a vulnerability in PHPartenaire which could be exploited by attackers to execute arbitrary commands.
This vulnerability is due to an input validation error in the "dix.php3" script, which fails to validate the "url_phpartenaire" parameter. This can be exploited by remote attackers to include malicious files and execute arbitrary commands with the privileges of the web server.

Affected Products

PHPartenaire version 1.0 and prior.

Impact

System compromise: remote code execution.

Recommended Actions

Currently we are not aware of any vendor supplied patch or update for this issue.

CVE References

CVE-2006-5032