AroundMe.Multiple.Remote.File.Inclusion
Description
This indicates multiple file inclusion vulnerabilities in AroundMe. They are due to input validation errors in the "components/core/inc/core_profile.header.php", "components/core/template/barnraiser_01/maint_contact_view.tpl.php", and "components/core/template/barnraiser_01/default.tpl.php" scripts when processing the "language_path_core", "template_path_core" and "template_path" parameters. The vulnerabilities allow remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.
Affected Products
AROUNDMe version 0.7.7 and prior.
Impact
System compromise.
Recommended Actions
Currently we are not aware of any officially supplied fix for this issue.
Vendor's web site: http://www.barnraiser.org/
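With no vendor fix available, web server access logs can be checked for requests that match the description above. The following is an added example, not part of the original advisory or of the vendor's signature; it assumes combined-format access logs, uses constructed sample lines, and treats any of the three parameters on any of the three scripts as a hit because the advisory does not pair them.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script paths and parameter names exactly as listed in the advisory text.
SCRIPTS = (
    "components/core/inc/core_profile.header.php",
    "components/core/template/barnraiser_01/maint_contact_view.tpl.php",
    "components/core/template/barnraiser_01/default.tpl.php",
)
PARAMS = {"language_path_core", "template_path_core", "template_path"}
# A value that begins with "scheme://" or "//" points the include off-host.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.I)
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return sorted names of advisory parameters that carry a remote path."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith(SCRIPTS):
        return []
    hits = set()
    # parse_qsl percent-decodes once, so http%3A%2F%2F is seen as http://
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in PARAMS and REMOTE.match(value):
            hits.add(name)
    return sorted(hits)

def scan(lines):
    """Return (line_number, parameter_names) for every flagged log line."""
    found = [(n, suspicious_params(l)) for n, l in enumerate(lines, 1)]
    return [(n, p) for n, p in found if p]

# Constructed sample log lines (documentation addresses, placeholder host).
SAMPLE = [
    '203.0.113.7 - - [11/Dec/2020:10:00:01 +0000] "GET /aroundme/components/'
    'core/inc/core_profile.header.php?language_path_core=http%3A%2F%2F'
    'host.invalid%2Fx HTTP/1.1" 200 512',
    '198.51.100.4 - - [11/Dec/2020:10:00:05 +0000] "GET /aroundme/index.php'
    '?template_path=barnraiser_01 HTTP/1.1" 200 4096',
    '198.51.100.9 - - [11/Dec/2020:10:00:09 +0000] "GET /aroundme/components/'
    'core/template/barnraiser_01/default.tpl.php?template_path=templates/ '
    'HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for line_no, params in scan(SAMPLE):
        print(f"line {line_no}: remote value in {', '.join(params)}")
```

Only the first sample line is flagged: the second targets a different script, and the third passes a local relative path.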
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-11 | 16.978 |