Intrusion Prevention

SaveWeb.Portal.File.Inclusion

Description

A PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php.

Affected Products

circeOS SaveWebPortal 3.4

Impact

Arbitrary PHP code execution.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

CVE References

CVE-2005-2687