ZebraFeeds.Remote.File.Inclusion
Description
ZebraFeeds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Affected Products
ZebraFeeds ZebraFeeds 1.1 RC1
ZebraFeeds ZebraFeeds 1.0
Impact
Arbitrary code execution.
Recommended Actions
The vendor has released a patch to address this issue.
ZebraFeeds ZebraFeeds 1.0
ZebraFeeds ZebraFeeds-1.0-patch1.zip
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |