ZebraFeeds.Remote.File.Inclusion

description-logoDescription

ZebraFeeds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

affected-products-logoAffected Products

ZebraFeeds ZebraFeeds 1.1 RC1
ZebraFeeds ZebraFeeds 1.0

Impact logoImpact

Arbitrary code execution.

recomended-action-logoRecommended Actions

The vendor has released a patch to address this issue.
ZebraFeeds ZebraFeeds 1.0
ZebraFeeds ZebraFeeds-1.0-patch1.zip

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)