At a glance:
| ID | 14111 |
| Created | Feb 12, 2007 |
| Description Updated | Apr 23, 2014 |
| Severity |
|
| Coverage |
IPS (Regular DB)
IPS (Extended DB)
|
| Default Action | pass |
| Active |
|
| Affected OS | |
| Affected App |
Legend
| Enabled/Available | 
|
| Disabled/Not Avaliable |
|
Refine Search
Intrusion Prevention
Headline.Portal.Engine.HPEInc.File.Inclusion
Description
HPE has multiple remote file-include vulnerabilities. A remote attacker could execute arbitrary scripts on the web server with the privileges of the server, via a specially-crafted URL request to multiple script pages, by using the 'HPEinc' parameter to specify a malicious PHP file from a remote system.
Affected Products
HPE version 0.6.1.
HPE version 0.6.5
HPE version 0.7.0
HPE version 1.0
Impact
Gain Access.
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
http://freshmeat.net/projects/hpe/