Intrusion Prevention

BT.Sondage.Gestion.Sondage.PHP.Remote.File.Inclusion

Description

This indicates a file inclusion vulnerability in BT-Sondage 112. This issue is due to input validation errors in the "utilitaires/gestion_sondage.php" scripts when processing the "repertoire_visiteur" parameter. It allows remote attackers to execute arbitrary PHP code via a URL.

Affected Products

BT-Sondage 1.12

Impact

System compromise.

Recommended Actions

Currently we are not aware of any official supplied fix for issue.
http://www.touchon.net/annuaire-applications-php-BT-Sondage.php

CVE References

CVE-2007-1812