Intrusion Prevention

C.Arbre.root.path.Parameter.Handle.Remote.File.Inclusion

Description

This indicates multiple file inclusion vulnerabilities in C-Arbre. This issue is due to input validation errors in various scripts when processing the "root_path" parameter. It allows remote attackers to execute arbitrary PHP code via a URL.

Affected Products

C-Arbre version 0.6PR7 and prior.

Impact

System compromise.

Recommended Actions

Currently we are not aware of any official supplied fix for issue.
C-Arbre Web site, C-Arbre at http://c-arbre.pacageek.org/.

CVE References

CVE-2007-1721