PHPartenaire.File.Inclusion
Description
This indicates possible detection of an attempt to exploit a vulnerability in PHPartenaire which could be exploited by attackers to execute arbitrary commands.
This vulnerability is due to an input validation error in the "dix.php3" script, which fails to validate the "url_phpartenaire" parameter. This can be exploited by remote attackers to include malicious files and execute arbitrary commands with the privileges of the web server.
Affected Products
PHPartenaire version 1.0 and prior.
Impact
System compromise: remote code execution.
Recommended Actions
Currently we are not aware of any vendor supplied patch or update for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |