EvoBB.Path.Parameter.Remote.File.Inclusion

description-logoDescription

evoBB gv has a remote file inclusion vulnerability. A remote attacker could execute arbitrary code on a vulnerable Web server by sending a specially crafted URL request to the track.php or the connect.php script, using the path parameter to include a malicious file from a remote system.

affected-products-logoAffected Products

evoBB version 0.3 and prior.

Impact logoImpact

Gain Access.

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://www.4yougratis.it/script_php/forum/evoBBv0.3.htm

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)