Intrusion Prevention

Headline.Portal.Engine.HPEInc.File.Inclusion

Description

HPE has multiple remote file-include vulnerabilities. A remote attacker could execute arbitrary scripts on the web server with the privileges of the server, via a specially-crafted URL request to multiple script pages, by using the 'HPEinc' parameter to specify a malicious PHP file from a remote system.

Affected Products

HPE version 0.6.1.
HPE version 0.6.5
HPE version 0.7.0
HPE version 1.0

Impact

Gain Access.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://freshmeat.net/projects/hpe/