Admbook.Arbitrary.Command.Execution
Description
This indicates a possible attempt to exploit a direct static code injection vulnerability in Admbook.
The vulnerability is due to an input validation error in the "index.php" script. The script fails to properly validate the "X-Forwarded-For" header before it is written to the "content-data.php" file. This can be exploited by remote attackers to compromise a vulnerable web server.
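A defender-side check for the condition described above, as an added example (not this signature's own logic and not Admbook code): it parses a raw HTTP request and reports every "X-Forwarded-For" entry that is not a plain IP literal. The sample requests and the host name guestbook.example are constructed, and the strict IP-only rule is an assumption (entries that carry a port would also be reported).

```python
import ipaddress

# Constructed sample requests (not captured traffic); host name is hypothetical.
SAMPLES = {
    "clean": ("GET /index.php HTTP/1.1\r\n"
              "Host: guestbook.example\r\n"
              "X-Forwarded-For: 203.0.113.7, 2001:db8::1\r\n\r\n"),
    "suspect": ("GET /index.php HTTP/1.1\r\n"
                "Host: guestbook.example\r\n"
                "X-Forwarded-For: 198.51.100.9, <?php /* constructed */ ?>\r\n\r\n"),
    "absent": ("GET /index.php HTTP/1.1\r\n"
               "Host: guestbook.example\r\n\r\n"),
}


def parse_headers(raw_request):
    """Map lower-cased header names to the list of values seen for each."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def xff_violations(raw_request):
    """Return the X-Forwarded-For entries that are not IPv4/IPv6 literals."""
    bad = []
    for value in parse_headers(raw_request).get("x-forwarded-for", []):
        for entry in value.split(","):
            entry = entry.strip()
            try:
                ipaddress.ip_address(entry)  # allow-list: IP literals only
            except ValueError:
                bad.append(entry)
    return bad


if __name__ == "__main__":
    for label, request in SAMPLES.items():
        hits = xff_violations(request)
        print(label, "ALERT" if hits else "ok", hits)
```

The same allow-list rule, applied before the header value is stored, is the input validation the description says "index.php" lacks.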
Affected Products
Admbook version 1.2.2 and prior.
Impact
System compromise: execution of arbitrary PHP code.
Recommended Actions
We are not currently aware of any vendor-supplied patches for this issue.
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-11 | 16.978 |