SaveWeb.Portal.File.Inclusion
Description
A PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php.
Affected Products
circeOS SaveWebPortal 3.4
Impact
Arbitrary PHP code execution.
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |