PHPartenaire.File.Inclusion

description-logoDescription

This indicates possible detection of an attempt to exploit a vulnerability in PHPartenaire which could be exploited by attackers to execute arbitrary commands.
This vulnerability is due to an input validation error in the "dix.php3" script, which fails to validate the "url_phpartenaire" parameter. This can be exploited by remote attackers to include malicious files and execute arbitrary commands with the privileges of the web server.

affected-products-logoAffected Products

PHPartenaire version 1.0 and prior.

Impact logoImpact

System compromise: remote code execution.

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor supplied patch or update for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)